Definitions for @turbot/gcp-network

address

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"creationTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"status": {
"$ref": "#/definitions/addressStatus"
},
"labels": {
"$ref": "gcp#/definitions/labels"
},
"labelFingerprint": {
"$ref": "gcp#/definitions/fingerprint"
},
"address": {
"$ref": "#/definitions/ipAddress"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/addressAka"
}
},
"tags": {
"$ref": "gcp#/definitions/labels"
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "testelb",
"address": "192.32.31.2",
"status": "IN_USE",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "us-west1"
},
"createTimeStamp": "2000-01-01T00:00:00.000Z"
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"address": "192.32.31.2",
"status": "IN_USE",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "us-west1"
},
"createTimeStamp": "2000-01-01T00:00:00.000Z"
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "tes01",
"address": "192.32.31.2",
"status": "IN_USE"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/address",
"modUri": "tmod:@turbot/gcp-network"
}
}

Address

{
"description": "Represents an IP Address resource. Google Compute Engine has two IP Address resources: * [Global (external and internal)](https://cloud.google.com/compute/docs/reference/rest/v1/globalAddresses) * [Regional (external and internal)](https://cloud.google.com/compute/docs/reference/rest/v1/addresses) For more information, see Reserving a static external IP address.",
"properties": {
"address": {
"description": "The static IP address represented by this resource.",
"type": "string"
},
"addressType": {
"description": "The type of address to reserve, either INTERNAL or EXTERNAL. If unspecified, defaults to EXTERNAL.",
"enum": [
"EXTERNAL",
"INTERNAL",
"UNSPECIFIED_TYPE"
],
"type": "string"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this field when you create the resource.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"ipVersion": {
"description": "The IP version that will be used by this address. Valid options are IPV4 or IPV6.",
"enum": [
"IPV4",
"IPV6",
"UNSPECIFIED_VERSION"
],
"type": "string"
},
"ipv6EndpointType": {
"description": "The endpoint type of this address, which should be VM or NETLB. This is used for deciding which type of endpoint this address can be used with after the external IPv6 address reservation.",
"enum": [
"NETLB",
"VM"
],
"type": "string"
},
"kind": {
"default": "compute#address",
"description": "[Output Only] Type of the resource. Always compute#address for addresses.",
"type": "string"
},
"labelFingerprint": {
"description": "A fingerprint for the labels being applied to this Address, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Address.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
"type": "object"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"description": "The URL of the network in which to reserve the address. This field can only be used with INTERNAL type with the VPC_PEERING purpose.",
"type": "string"
},
"networkTier": {
"description": "This signifies the networking tier used for configuring this address and can only take the following values: PREMIUM or STANDARD. Internal IP addresses are always Premium Tier; global external IP addresses are always Premium Tier; regional external IP addresses can be either Standard or Premium Tier. If this field is not specified, it is assumed to be PREMIUM.",
"enum": [
"FIXED_STANDARD",
"PREMIUM",
"STANDARD",
"STANDARD_OVERRIDES_FIXED_STANDARD"
],
"type": "string"
},
"prefixLength": {
"description": "The prefix length if the resource represents an IP range.",
"type": "integer"
},
"purpose": {
"description": "The purpose of this resource, which can be one of the following values: - GCE_ENDPOINT for addresses that are used by VM instances, alias IP ranges, load balancers, and similar resources. - DNS_RESOLVER for a DNS resolver address in a subnetwork for a Cloud DNS inbound forwarder IP addresses (regional internal IP address in a subnet of a VPC network) - VPC_PEERING for global internal IP addresses used for private services access allocated ranges. - NAT_AUTO for the regional external IP addresses used by Cloud NAT when allocating addresses using automatic NAT IP address allocation. - IPSEC_INTERCONNECT for addresses created from a private IP range that are reserved for a VLAN attachment in an *HA VPN over Cloud Interconnect* configuration. These addresses are regional resources. - `SHARED_LOADBALANCER_VIP` for an internal IP address that is assigned to multiple internal forwarding rules. - `PRIVATE_SERVICE_CONNECT` for a private network address that is used to configure Private Service Connect. Only global internal addresses can use this purpose. ",
"enum": [
"DNS_RESOLVER",
"GCE_ENDPOINT",
"IPSEC_INTERCONNECT",
"NAT_AUTO",
"PRIVATE_SERVICE_CONNECT",
"SERVERLESS",
"SHARED_LOADBALANCER_VIP",
"VPC_PEERING"
],
"type": "string"
},
"region": {
"description": "[Output Only] The URL of the region where a regional address resides. For regional addresses, you must specify the region as a path parameter in the HTTP request URL. *This field is not applicable to global addresses.*",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"status": {
"description": "[Output Only] The status of the address, which can be one of RESERVING, RESERVED, or IN_USE. An address that is RESERVING is currently in the process of being reserved. A RESERVED address is currently reserved and available to use. An IN_USE address is currently being used by another resource and is not available.",
"enum": [
"IN_USE",
"RESERVED",
"RESERVING"
],
"type": "string"
},
"subnetwork": {
"description": "The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with a GCE_ENDPOINT or DNS_RESOLVER purpose.",
"type": "string"
},
"users": {
"description": "[Output Only] The URLs of the resources that are using this address.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Address",
"modUri": "tmod:@turbot/gcp-network"
}
}

addressAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/regions/(asia-east1|asia-east2|asia-northeast1|asia-south1|asia-southeast1|australia-southeast1|europe-north1|europe-west1|europe-west2|europe-west3|europe-west4|northamerica-northeast1|southamerica-east1|us-central1|us-east1|us-east4|us-west1|us-west2|global)/addresses/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-west1/addresses/test01"
},
{
"description": "invalid - invalid region name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/asiaus/addresses/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/addressAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

addressStatus

{
"type": "string",
"enum": [
"RESERVING",
"RESERVED",
"IN_USE"
],
"tests": [
{
"input": "IN_USE"
},
{
"input": "RESERVED"
},
{
"description": "invalid - not listed in options",
"input": "RUNNABLE",
"expected": false
},
{
"description": "invalid - null value",
"input": null,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/addressStatus",
"modUri": "tmod:@turbot/gcp-network"
}
}

AuditConfig

{
"description": "Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both `allServices` and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { \"audit_configs\": [ { \"service\": \"allServices\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" }, { \"log_type\": \"ADMIN_READ\" } ] }, { \"service\": \"sampleservice.googleapis.com\", \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\" }, { \"log_type\": \"DATA_WRITE\", \"exempted_members\": [ \"user:aliya@example.com\" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.",
"properties": {
"auditLogConfigs": {
"description": "The configuration for logging of each type of permission.",
"items": {
"$ref": "#/definitions/AuditLogConfig"
},
"type": "array"
},
"exemptedMembers": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"type": "string"
},
"type": "array"
},
"service": {
"description": "Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/AuditConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

AuditLogConfig

{
"description": "Provides the configuration for logging a type of permissions. Example: { \"audit_log_configs\": [ { \"log_type\": \"DATA_READ\", \"exempted_members\": [ \"user:jose@example.com\" ] }, { \"log_type\": \"DATA_WRITE\" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.",
"properties": {
"exemptedMembers": {
"description": "Specifies the identities that do not cause logging for this type of permission. Follows the same format as Binding.members.",
"items": {
"type": "string"
},
"type": "array"
},
"ignoreChildExemptions": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "boolean"
},
"logType": {
"description": "The log type that this config enables.",
"enum": [
"ADMIN_READ",
"DATA_READ",
"DATA_WRITE",
"LOG_TYPE_UNSPECIFIED"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/AuditLogConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

AuthorizationLoggingOptions

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"permissionType": {
"description": "This is deprecated and has no effect. Do not use.",
"enum": [
"ADMIN_READ",
"ADMIN_WRITE",
"DATA_READ",
"DATA_WRITE",
"PERMISSION_TYPE_UNSPECIFIED"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/AuthorizationLoggingOptions",
"modUri": "tmod:@turbot/gcp-network"
}
}

AWSV4Signature

{
"description": "Contains the configurations necessary to generate a signature for access to private storage buckets that support Signature Version 4 for authentication. The service name for generating the authentication header will always default to 's3'.",
"properties": {
"accessKey": {
"description": "The access key used for s3 bucket authentication. Required for updating or creating a backend that uses AWS v4 signature authentication, but will not be returned as part of the configuration when queried with a REST API GET request. @InputOnly",
"type": "string"
},
"accessKeyId": {
"description": "The identifier of an access key used for s3 bucket authentication.",
"type": "string"
},
"accessKeyVersion": {
"description": "The optional version identifier for the access key. You can use this to keep track of different iterations of your access key.",
"type": "string"
},
"originRegion": {
"description": "The name of the cloud region of your origin. This is a free-form field with the name of the region your cloud uses to host your origin. For example, \"us-east-1\" for AWS or \"us-ashburn-1\" for OCI.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/AWSV4Signature",
"modUri": "tmod:@turbot/gcp-network"
}
}

Backend

{
"description": "Message containing information of one individual backend.",
"properties": {
"balancingMode": {
"description": "Specifies how to determine whether the backend of a load balancer can handle additional traffic or is fully loaded. For usage guidelines, see Connection balancing mode. Backends must use compatible balancing modes. For more information, see Supported balancing modes and target capacity settings and Restrictions and guidance for instance groups. Note: Currently, if you use the API to configure incompatible balancing modes, the configuration might be accepted even though it has no impact and is ignored. Specifically, Backend.maxUtilization is ignored when Backend.balancingMode is RATE. In the future, this incompatible combination will be rejected.",
"enum": [
"CONNECTION",
"RATE",
"UTILIZATION"
],
"type": "string"
},
"capacityScaler": {
"description": "A multiplier applied to the backend's target capacity of its balancing mode. The default value is 1, which means the group serves up to 100% of its configured capacity (depending on balancingMode). A setting of 0 means the group is completely drained, offering 0% of its available capacity. The valid ranges are 0.0 and [0.1,1.0]. You cannot configure a setting larger than 0 and smaller than 0.1. You cannot configure a setting of 0 when there is only one backend attached to the backend service. Not available with backends that don't support using a balancingMode. This includes backends such as global internet NEGs, regional serverless NEGs, and PSC NEGs.",
"type": "number"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"failover": {
"description": "This field designates whether this is a failover backend. More than one failover backend can be configured for a given BackendService.",
"type": "boolean"
},
"group": {
"description": "The fully-qualified URL of an instance group or network endpoint group (NEG) resource. To determine what types of backends a load balancer supports, see the [Backend services overview](https://cloud.google.com/load-balancing/docs/backend-service#backends). You must use the *fully-qualified* URL (starting with https://www.googleapis.com/) to specify the instance group or NEG. Partial URLs are not supported.",
"type": "string"
},
"maxConnections": {
"description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
"type": "integer"
},
"maxConnectionsPerEndpoint": {
"description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
"type": "integer"
},
"maxConnectionsPerInstance": {
"description": "Defines a target maximum number of simultaneous connections. For usage guidelines, see Connection balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is RATE.",
"type": "integer"
},
"maxRate": {
"description": "Defines a maximum number of HTTP requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
"type": "integer"
},
"maxRatePerEndpoint": {
"description": "Defines a maximum target for requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
"type": "number"
},
"maxRatePerInstance": {
"description": "Defines a maximum target for requests per second (RPS). For usage guidelines, see Rate balancing mode and Utilization balancing mode. Not available if the backend's balancingMode is CONNECTION.",
"type": "number"
},
"maxUtilization": {
"description": "Optional parameter to define a target capacity for the UTILIZATION balancing mode. The valid range is [0.0, 1.0]. For usage guidelines, see Utilization balancing mode.",
"type": "number"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Backend",
"modUri": "tmod:@turbot/gcp-network"
}
}

backendBucket

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/backendBucketAka"
}
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"hasData": {
"type": "boolean"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "tes01",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456"
}
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "test01"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/backendBucket",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendBucket

{
"description": "Represents a Cloud Storage Bucket resource. This Cloud Storage bucket resource is referenced by a URL map of a load balancer. For more information, read Backend Buckets.",
"properties": {
"bucketName": {
"description": "Cloud Storage bucket name.",
"type": "string"
},
"cdnPolicy": {
"$ref": "#/definitions/BackendBucketCdnPolicy",
"description": "Cloud CDN configuration for this BackendBucket."
},
"compressionMode": {
"description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.",
"enum": [
"AUTOMATIC",
"DISABLED"
],
"type": "string"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"customResponseHeaders": {
"description": "Headers that the Application Load Balancer should add to proxied responses.",
"items": {
"type": "string"
},
"type": "array"
},
"description": {
"description": "An optional textual description of the resource; provided by the client when the resource is created.",
"type": "string"
},
"edgeSecurityPolicy": {
"description": "[Output Only] The resource URL for the edge security policy associated with this backend bucket.",
"type": "string"
},
"enableCdn": {
"description": "If true, enable Cloud CDN for this BackendBucket.",
"type": "boolean"
},
"id": {
"description": "[Output Only] Unique identifier for the resource; defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#backendBucket",
"description": "Type of the resource.",
"type": "string"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendBucket",
"modUri": "tmod:@turbot/gcp-network"
}
}

backendBucketAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/global/backendBuckets/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/backendBuckets/test01"
},
{
"description": "invalid - invalid name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/backendBuckets/test01-",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/backendBucketAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendBucketCdnPolicy

{
"description": "Message containing Cloud CDN configuration for a backend bucket.",
"properties": {
"bypassCacheOnRequestHeaders": {
"description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.",
"items": {
"$ref": "#/definitions/BackendBucketCdnPolicyBypassCacheOnRequestHeader"
},
"type": "array"
},
"cacheKeyPolicy": {
"$ref": "#/definitions/BackendBucketCdnPolicyCacheKeyPolicy",
"description": "The CacheKeyPolicy for this CdnPolicy."
},
"cacheMode": {
"description": "Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
"enum": [
"CACHE_ALL_STATIC",
"FORCE_CACHE_ALL",
"INVALID_CACHE_MODE",
"USE_ORIGIN_HEADERS"
],
"type": "string"
},
"clientTtl": {
"description": "Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a \"public\" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a \"public\" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).",
"type": "integer"
},
"defaultTtl": {
"description": "Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of \"0\" means \"always revalidate\". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
"type": "integer"
},
"maxTtl": {
"description": "Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of \"0\" means \"always revalidate\". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
"type": "integer"
},
"negativeCaching": {
"description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and overrides any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.",
"type": "boolean"
},
"negativeCachingPolicy": {
"description": "Sets a cache TTL for the specified HTTP status code. negative_caching must be enabled to configure negative_caching_policy. Omitting the policy and leaving negative_caching enabled will use Cloud CDN's default cache TTLs. Note that when specifying an explicit negative_caching_policy, you should take care to specify a cache TTL for all response codes that you wish to cache. Cloud CDN will not apply any default negative caching when a policy exists.",
"items": {
"$ref": "#/definitions/BackendBucketCdnPolicyNegativeCachingPolicy"
},
"type": "array"
},
"requestCoalescing": {
"description": "If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.",
"type": "boolean"
},
"serveWhileStale": {
"description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. This setting defines the default \"max-stale\" duration for any cached responses that do not specify a max-stale directive. Stale responses that exceed the TTL configured here will not be served. The default limit (max-stale) is 86400s (1 day), which will allow stale content to be served up to this limit beyond the max-age (or s-max-age) of a cached response. The maximum allowed value is 604800 (1 week). Set this to zero (0) to disable serve-while-stale.",
"type": "integer"
},
"signedUrlCacheMaxAgeSec": {
"description": "Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. Defaults to 1hr (3600s). When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a \"Cache-Control: public, max-age=[TTL]\" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.",
"type": "string"
},
"signedUrlKeyNames": {
"description": "[Output Only] Names of the keys for signing request URLs.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendBucketCdnPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendBucketCdnPolicyBypassCacheOnRequestHeader

{
"description": "Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.",
"properties": {
"headerName": {
"description": "The header field name to match on when bypassing cache. Values are case-insensitive.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendBucketCdnPolicyBypassCacheOnRequestHeader",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendBucketCdnPolicyCacheKeyPolicy

{
"description": "Message containing what to include in the cache key for a request for Cloud CDN.",
"properties": {
"includeHttpHeaders": {
"description": "Allows HTTP request headers (by name) to be used in the cache key.",
"items": {
"type": "string"
},
"type": "array"
},
"queryStringWhitelist": {
"description": "Names of query string parameters to include in cache keys. Default parameters are always included. '&' and '=' will be percent encoded and not treated as delimiters.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendBucketCdnPolicyCacheKeyPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendBucketCdnPolicyNegativeCachingPolicy

{
"description": "Specify CDN TTLs for response error codes.",
"properties": {
"code": {
"description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 302, 307, 308, 404, 405, 410, 421, 451 and 501 can be specified as values, and you cannot specify a status code more than once.",
"type": "integer"
},
"ttl": {
"description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendBucketCdnPolicyNegativeCachingPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

backendService

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/backendServiceAka"
}
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "tes01",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456"
}
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "southamerica-east1"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "tes01"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/backendService",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendService

{
"description": "Represents a Backend Service resource. A backend service defines how Google Cloud load balancers distribute traffic. The backend service configuration contains a set of values, such as the protocol used to connect to backends, various distribution and session settings, health checks, and timeouts. These settings provide fine-grained control over how your load balancer behaves. Most of the settings have default values that allow for easy configuration if you need to get started quickly. Backend services in Google Compute Engine can be either regionally or globally scoped. * [Global](https://cloud.google.com/compute/docs/reference/rest/v1/backendServices) * [Regional](https://cloud.google.com/compute/docs/reference/rest/v1/regionBackendServices) For more information, see Backend Services.",
"properties": {
"affinityCookieTtlSec": {
"description": "Lifetime of cookies in seconds. This setting is applicable to Application Load Balancers and Traffic Director and requires GENERATED_COOKIE or HTTP_COOKIE session affinity. If set to 0, the cookie is non-persistent and lasts only until the end of the browser session (or equivalent). The maximum allowed value is two weeks (1,209,600). Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
"type": "integer"
},
"backends": {
"description": "The list of backends that serve this BackendService.",
"items": {
"$ref": "#/definitions/Backend"
},
"type": "array"
},
"cdnPolicy": {
"$ref": "#/definitions/BackendServiceCdnPolicy",
"description": "Cloud CDN configuration for this BackendService. Only available for specified load balancer types."
},
"circuitBreakers": {
"$ref": "#/definitions/CircuitBreakers"
},
"compressionMode": {
"description": "Compress text responses using Brotli or gzip compression, based on the client's Accept-Encoding header.",
"enum": [
"AUTOMATIC",
"DISABLED"
],
"type": "string"
},
"connectionDraining": {
"$ref": "#/definitions/ConnectionDraining"
},
"connectionTrackingPolicy": {
"$ref": "#/definitions/BackendServiceConnectionTrackingPolicy",
"description": "Connection Tracking configuration for this BackendService. Connection tracking policy settings are only available for external passthrough Network Load Balancers and internal passthrough Network Load Balancers."
},
"consistentHash": {
"$ref": "#/definitions/ConsistentHashLoadBalancerSettings",
"description": "Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. This load balancing policy is applicable only for HTTP connections. The affinity to a particular destination host will be lost when one or more hosts are added/removed from the destination service. This field specifies parameters that control consistent hashing. This field is only applicable when localityLbPolicy is set to MAGLEV or RING_HASH. This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED. "
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"customRequestHeaders": {
"description": "Headers that the load balancer adds to proxied requests. See [Creating custom headers](https://cloud.google.com/load-balancing/docs/custom-headers).",
"items": {
"type": "string"
},
"type": "array"
},
"customResponseHeaders": {
"description": "Headers that the load balancer adds to proxied responses. See [Creating custom headers](https://cloud.google.com/load-balancing/docs/custom-headers).",
"items": {
"type": "string"
},
"type": "array"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"edgeSecurityPolicy": {
"description": "[Output Only] The resource URL for the edge security policy associated with this backend service.",
"type": "string"
},
"enableCDN": {
"description": "If true, enables Cloud CDN for the backend service of a global external Application Load Balancer.",
"type": "boolean"
},
"failoverPolicy": {
"$ref": "#/definitions/BackendServiceFailoverPolicy",
"description": "Requires at least one backend instance group to be defined as a backup (failover) backend. For load balancers that have configurable failover: [Internal passthrough Network Load Balancers](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external passthrough Network Load Balancers](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview)."
},
"fingerprint": {
"description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a BackendService. An up-to-date fingerprint must be provided in order to update the BackendService, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a BackendService.",
"type": "string"
},
"healthChecks": {
"description": "The list of URLs to the healthChecks, httpHealthChecks (legacy), or httpsHealthChecks (legacy) resource for health checking this backend service. Not all backend services support legacy health checks. See Load balancer guide. Currently, at most one health check can be specified for each backend service. Backend services with instance group or zonal NEG backends must have a health check. Backend services with internet or serverless NEG backends must not have a health check.",
"items": {
"type": "string"
},
"type": "array"
},
"iap": {
"$ref": "#/definitions/BackendServiceIAP",
"description": "The configurations for Identity-Aware Proxy on this resource. Not available for internal passthrough Network Load Balancers and external passthrough Network Load Balancers."
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#backendService",
"description": "[Output Only] Type of resource. Always compute#backendService for backend services.",
"type": "string"
},
"loadBalancingScheme": {
"description": "Specifies the load balancer type. A backend service created for one type of load balancer cannot be used with another. For more information, refer to Choosing a load balancer.",
"enum": [
"EXTERNAL",
"EXTERNAL_MANAGED",
"INTERNAL",
"INTERNAL_MANAGED",
"INTERNAL_SELF_MANAGED",
"INVALID_LOAD_BALANCING_SCHEME"
],
"type": "string"
},
"localityLbPolicies": {
"description": "A list of locality load-balancing policies to be used in order of preference. When you use localityLbPolicies, you must set at least one value for either the localityLbPolicies[].policy or the localityLbPolicies[].customPolicy field. localityLbPolicies overrides any value set in the localityLbPolicy field. For an example of how to use this field, see Define a list of preferred policies. Caution: This field and its children are intended for use in a service mesh that includes gRPC clients only. Envoy proxies can't use backend services that have this configuration.",
"items": {
"$ref": "#/definitions/BackendServiceLocalityLoadBalancingPolicyConfig"
},
"type": "array"
},
"localityLbPolicy": {
"description": "The load balancing algorithm used within the scope of the locality. The possible values are: - ROUND_ROBIN: This is a simple policy in which each healthy backend is selected in round robin order. This is the default. - LEAST_REQUEST: An O(1) algorithm which selects two random healthy hosts and picks the host which has fewer active requests. - RING_HASH: The ring/modulo hash load balancer implements consistent hashing to backends. The algorithm has the property that the addition/removal of a host from a set of N hosts only affects 1/N of the requests. - RANDOM: The load balancer selects a random healthy host. - ORIGINAL_DESTINATION: Backend host is selected based on the client connection metadata, i.e., connections are opened to the same address as the destination address of the incoming connection before the connection was redirected to the load balancer. - MAGLEV: used as a drop in replacement for the ring hash load balancer. Maglev is not as stable as ring hash but has faster table lookup build times and host selection times. For more information about Maglev, see https://ai.google/research/pubs/pub44824 This field is applicable to either: - A regional backend service with the service_protocol set to HTTP, HTTPS, or HTTP2, and load_balancing_scheme set to INTERNAL_MANAGED. - A global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED, INTERNAL_MANAGED, or EXTERNAL_MANAGED. If sessionAffinity is not NONE, and this field is not set to MAGLEV or RING_HASH, session affinity settings will not take effect. Only ROUND_ROBIN and RING_HASH are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
"enum": [
"INVALID_LB_POLICY",
"LEAST_REQUEST",
"MAGLEV",
"ORIGINAL_DESTINATION",
"RANDOM",
"RING_HASH",
"ROUND_ROBIN",
"WEIGHTED_MAGLEV"
],
"type": "string"
},
"logConfig": {
"$ref": "#/definitions/BackendServiceLogConfig",
"description": "This field denotes the logging options for the load balancer traffic served by this backend service. If logging is enabled, logs will be exported to Stackdriver."
},
"maxStreamDuration": {
"$ref": "#/definitions/Duration",
"description": "Specifies the default maximum duration (timeout) for streams to this service. Duration is computed from the beginning of the stream until the response has been completely processed, including all retries. A stream that does not complete in this duration is closed. If not specified, there will be no timeout limit, i.e. the maximum duration is infinite. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. This field is only allowed when the loadBalancingScheme of the backend service is INTERNAL_SELF_MANAGED."
},
"metadatas": {
"additionalProperties": {
"type": "string"
},
"description": "Deployment metadata associated with the resource to be set by a GKE hub controller and read by the backend RCTH",
"type": "object"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"description": "The URL of the network to which this backend service belongs. This field can only be specified when the load balancing scheme is set to INTERNAL.",
"type": "string"
},
"outlierDetection": {
"$ref": "#/definitions/OutlierDetection",
"description": "Settings controlling the ejection of unhealthy backend endpoints from the load balancing pool of each individual proxy instance that processes the traffic for the given backend service. If not set, this feature is considered disabled. Results of the outlier detection algorithm (ejection of endpoints from the load balancing pool and returning them back to the pool) are executed independently by each proxy instance of the load balancer. In most cases, more than one proxy instance handles the traffic received by a backend service. Thus, it is possible that an unhealthy endpoint is detected and ejected by only some of the proxies, and while this happens, other proxies may continue to send requests to the same unhealthy endpoint until they detect and eject the unhealthy endpoint. Applicable backend endpoints can be: - VM instances in an Instance Group - Endpoints in a Zonal NEG (GCE_VM_IP, GCE_VM_IP_PORT) - Endpoints in a Hybrid Connectivity NEG (NON_GCP_PRIVATE_IP_PORT) - Serverless NEGs, that resolve to Cloud Run, App Engine, or Cloud Functions Services - Private Service Connect NEGs, that resolve to Google-managed regional API endpoints or managed services published using Private Service Connect Applicable backend service types can be: - A global backend service with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL_MANAGED. - A regional backend service with the serviceProtocol set to HTTP, HTTPS, or HTTP2, and loadBalancingScheme set to INTERNAL_MANAGED or EXTERNAL_MANAGED. Not supported for Serverless NEGs. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true."
},
"port": {
"deprecated": true,
"description": "Deprecated in favor of portName. The TCP port to connect on the backend. The default value is 80. For internal passthrough Network Load Balancers and external passthrough Network Load Balancers, omit port.",
"type": "integer"
},
"portName": {
"description": "A named port on a backend instance group representing the port for communication to the backend VMs in that group. The named port must be [defined on each backend instance group](https://cloud.google.com/load-balancing/docs/backend-service#named_ports). This parameter has no meaning if the backends are NEGs. For internal passthrough Network Load Balancers and external passthrough Network Load Balancers, omit port_name.",
"type": "string"
},
"protocol": {
"description": "The protocol this BackendService uses to communicate with backends. Possible values are HTTP, HTTPS, HTTP2, TCP, SSL, UDP or GRPC. depending on the chosen load balancer or Traffic Director configuration. Refer to the documentation for the load balancers or for Traffic Director for more information. Must be set to GRPC when the backend service is referenced by a URL map that is bound to target gRPC proxy.",
"enum": [
"GRPC",
"HTTP",
"HTTP2",
"HTTPS",
"SSL",
"TCP",
"UDP",
"UNSPECIFIED"
],
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the regional backend service resides. This field is not applicable to global backend services. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
"type": "string"
},
"securityPolicy": {
"description": "[Output Only] The resource URL for the security policy associated with this backend service.",
"type": "string"
},
"securitySettings": {
"$ref": "#/definitions/SecuritySettings",
"description": "This field specifies the security settings that apply to this backend service. This field is applicable to a global backend service with the load_balancing_scheme set to INTERNAL_SELF_MANAGED."
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"serviceBindings": {
"description": "URLs of networkservices.ServiceBinding resources. Can only be set if load balancing scheme is INTERNAL_SELF_MANAGED. If set, lists of backends and health checks must be both empty.",
"items": {
"type": "string"
},
"type": "array"
},
"sessionAffinity": {
"description": "Type of session affinity to use. The default is NONE. Only NONE and HEADER_FIELD are supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. For more details, see: [Session Affinity](https://cloud.google.com/load-balancing/docs/backend-service#session_affinity).",
"enum": [
"CLIENT_IP",
"CLIENT_IP_NO_DESTINATION",
"CLIENT_IP_PORT_PROTO",
"CLIENT_IP_PROTO",
"GENERATED_COOKIE",
"HEADER_FIELD",
"HTTP_COOKIE",
"NONE"
],
"type": "string"
},
"subsetting": {
"$ref": "#/definitions/Subsetting"
},
"timeoutSec": {
"description": "The backend service timeout has a different meaning depending on the type of load balancer. For more information see, Backend service settings. The default is 30 seconds. The full range of timeout values allowed goes from 1 through 2,147,483,647 seconds. This value can be overridden in the PathMatcher configuration of the UrlMap that references this backend service. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true. Instead, use maxStreamDuration.",
"type": "integer"
},
"usedBy": {
"items": {
"$ref": "#/definitions/BackendServiceUsedBy"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendService",
"modUri": "tmod:@turbot/gcp-network"
}
}

backendServiceAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/global/backendServices/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/backendServices/test01"
},
{
"description": "invalid - invalid name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/backendServices/test01-",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/backendServiceAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceCdnPolicy

{
"description": "Message containing Cloud CDN configuration for a backend service.",
"properties": {
"bypassCacheOnRequestHeaders": {
"description": "Bypass the cache when the specified request headers are matched - e.g. Pragma or Authorization headers. Up to 5 headers can be specified. The cache is bypassed for all cdnPolicy.cacheMode settings.",
"items": {
"$ref": "#/definitions/BackendServiceCdnPolicyBypassCacheOnRequestHeader"
},
"type": "array"
},
"cacheKeyPolicy": {
"$ref": "#/definitions/CacheKeyPolicy",
"description": "The CacheKeyPolicy for this CdnPolicy."
},
"cacheMode": {
"description": "Specifies the cache setting for all responses from this backend. The possible values are: USE_ORIGIN_HEADERS Requires the origin to set valid caching headers to cache content. Responses without these headers will not be cached at Google's edge, and will require a full trip to the origin on every request, potentially impacting performance and increasing load on the origin server. FORCE_CACHE_ALL Cache all content, ignoring any \"private\", \"no-store\" or \"no-cache\" directives in Cache-Control response headers. Warning: this may result in Cloud CDN caching private, per-user (user identifiable) content. CACHE_ALL_STATIC Automatically cache static content, including common image formats, media (video and audio), and web assets (JavaScript and CSS). Requests and responses that are marked as uncacheable, as well as dynamic content (including HTML), will not be cached.",
"enum": [
"CACHE_ALL_STATIC",
"FORCE_CACHE_ALL",
"INVALID_CACHE_MODE",
"USE_ORIGIN_HEADERS"
],
"type": "string"
},
"clientTtl": {
"description": "Specifies a separate client (e.g. browser client) maximum TTL. This is used to clamp the max-age (or Expires) value sent to the client. With FORCE_CACHE_ALL, the lesser of client_ttl and default_ttl is used for the response max-age directive, along with a \"public\" directive. For cacheable content in CACHE_ALL_STATIC mode, client_ttl clamps the max-age from the origin (if specified), or else sets the response max-age directive to the lesser of the client_ttl and default_ttl, and also ensures a \"public\" cache-control directive is present. If a client TTL is not specified, a default value (1 hour) will be used. The maximum allowed value is 31,622,400s (1 year).",
"type": "integer"
},
"defaultTtl": {
"description": "Specifies the default TTL for cached content served by this origin for responses that do not have an existing valid TTL (max-age or s-max-age). Setting a TTL of \"0\" means \"always revalidate\". The value of defaultTTL cannot be set to a value greater than that of maxTTL, but can be equal. When the cacheMode is set to FORCE_CACHE_ALL, the defaultTTL will overwrite the TTL set in all responses. The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
"type": "integer"
},
"maxTtl": {
"description": "Specifies the maximum allowed TTL for cached content served by this origin. Cache directives that attempt to set a max-age or s-maxage higher than this, or an Expires header more than maxTTL seconds in the future will be capped at the value of maxTTL, as if it were the value of an s-maxage Cache-Control directive. Headers sent to the client will not be modified. Setting a TTL of \"0\" means \"always revalidate\". The maximum allowed value is 31,622,400s (1 year), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
"type": "integer"
},
"negativeCaching": {
"description": "Negative caching allows per-status code TTLs to be set, in order to apply fine-grained caching for common errors or redirects. This can reduce the load on your origin and improve end-user experience by reducing response latency. When the cache mode is set to CACHE_ALL_STATIC or USE_ORIGIN_HEADERS, negative caching applies to responses with the specified response code that lack any Cache-Control, Expires, or Pragma: no-cache directives. When the cache mode is set to FORCE_CACHE_ALL, negative caching applies to all responses with the specified response code, and override any caching headers. By default, Cloud CDN will apply the following default TTLs to these status codes: HTTP 300 (Multiple Choice), 301, 308 (Permanent Redirects): 10m HTTP 404 (Not Found), 410 (Gone), 451 (Unavailable For Legal Reasons): 120s HTTP 405 (Method Not Found), 421 (Misdirected Request), 501 (Not Implemented): 60s. These defaults can be overridden in negative_caching_policy.",
"type": "boolean"
},
"negativeCachingPolicy": {
"description": "Sets a cache TTL for the specified HTTP status code. negative_caching must be enabled to configure negative_caching_policy. Omitting the policy and leaving negative_caching enabled will use Cloud CDN's default cache TTLs. Note that when specifying an explicit negative_caching_policy, you should take care to specify a cache TTL for all response codes that you wish to cache. Cloud CDN will not apply any default negative caching when a policy exists.",
"items": {
"$ref": "#/definitions/BackendServiceCdnPolicyNegativeCachingPolicy"
},
"type": "array"
},
"requestCoalescing": {
"description": "If true then Cloud CDN will combine multiple concurrent cache fill requests into a small number of requests to the origin.",
"type": "boolean"
},
"serveWhileStale": {
"description": "Serve existing content from the cache (if available) when revalidating content with the origin, or when an error is encountered when refreshing the cache. This setting defines the default \"max-stale\" duration for any cached responses that do not specify a max-stale directive. Stale responses that exceed the TTL configured here will not be served. The default limit (max-stale) is 86400s (1 day), which will allow stale content to be served up to this limit beyond the max-age (or s-max-age) of a cached response. The maximum allowed value is 604800 (1 week). Set this to zero (0) to disable serve-while-stale.",
"type": "integer"
},
"signedUrlCacheMaxAgeSec": {
"description": "Maximum number of seconds the response to a signed URL request will be considered fresh. After this time period, the response will be revalidated before being served. Defaults to 1hr (3600s). When serving responses to signed URL requests, Cloud CDN will internally behave as though all responses from this backend had a \"Cache-Control: public, max-age=[TTL]\" header, regardless of any existing Cache-Control header. The actual headers served in responses will not be altered.",
"type": "string"
},
"signedUrlKeyNames": {
"description": "[Output Only] Names of the keys for signing request URLs.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceCdnPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceCdnPolicyBypassCacheOnRequestHeader

{
"description": "Bypass the cache when the specified request headers are present, e.g. Pragma or Authorization headers. Values are case insensitive. The presence of such a header overrides the cache_mode setting.",
"properties": {
"headerName": {
"description": "The header field name to match on when bypassing cache. Values are case-insensitive.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceCdnPolicyBypassCacheOnRequestHeader",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceCdnPolicyNegativeCachingPolicy

{
"description": "Specify CDN TTLs for response error codes.",
"properties": {
"code": {
"description": "The HTTP status code to define a TTL against. Only HTTP status codes 300, 301, 302, 307, 308, 404, 405, 410, 421, 451 and 501 are can be specified as values, and you cannot specify a status code more than once.",
"type": "integer"
},
"ttl": {
"description": "The TTL (in seconds) for which to cache responses with the corresponding status code. The maximum allowed value is 1800s (30 minutes), noting that infrequently accessed objects may be evicted from the cache before the defined TTL.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceCdnPolicyNegativeCachingPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceConnectionTrackingPolicy

{
"description": "Connection Tracking configuration for this BackendService.",
"properties": {
"connectionPersistenceOnUnhealthyBackends": {
"description": "Specifies connection persistence when backends are unhealthy. The default value is DEFAULT_FOR_PROTOCOL. If set to DEFAULT_FOR_PROTOCOL, the existing connections persist on unhealthy backends only for connection-oriented protocols (TCP and SCTP) and only if the Tracking Mode is PER_CONNECTION (default tracking mode) or the Session Affinity is configured for 5-tuple. They do not persist for UDP. If set to NEVER_PERSIST, after a backend becomes unhealthy, the existing connections on the unhealthy backend are never persisted on the unhealthy backend. They are always diverted to newly selected healthy backends (unless all backends are unhealthy). If set to ALWAYS_PERSIST, existing connections always persist on unhealthy backends regardless of protocol and session affinity. It is generally not recommended to use this mode overriding the default. For more details, see [Connection Persistence for Network Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#connection-persistence) and [Connection Persistence for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal#connection-persistence).",
"enum": [
"ALWAYS_PERSIST",
"DEFAULT_FOR_PROTOCOL",
"NEVER_PERSIST"
],
"type": "string"
},
"enableStrongAffinity": {
"description": "Enable Strong Session Affinity for external passthrough Network Load Balancers. This option is not available publicly.",
"type": "boolean"
},
"idleTimeoutSec": {
"description": "Specifies how long to keep a Connection Tracking entry while there is no matching traffic (in seconds). For internal passthrough Network Load Balancers: - The minimum (default) is 10 minutes and the maximum is 16 hours. - It can be set only if Connection Tracking is less than 5-tuple (i.e. Session Affinity is CLIENT_IP_NO_DESTINATION, CLIENT_IP or CLIENT_IP_PROTO, and Tracking Mode is PER_SESSION). For external passthrough Network Load Balancers the default is 60 seconds. This option is not available publicly.",
"type": "integer"
},
"trackingMode": {
"description": "Specifies the key used for connection tracking. There are two options: - PER_CONNECTION: This is the default mode. The Connection Tracking is performed as per the Connection Key (default Hash Method) for the specific protocol. - PER_SESSION: The Connection Tracking is performed as per the configured Session Affinity. It matches the configured Session Affinity. For more details, see [Tracking Mode for Network Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-backend-service#tracking-mode) and [Tracking Mode for Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal#tracking-mode).",
"enum": [
"INVALID_TRACKING_MODE",
"PER_CONNECTION",
"PER_SESSION"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceConnectionTrackingPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceFailoverPolicy

{
"description": "For load balancers that have configurable failover: [Internal passthrough Network Load Balancers](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external passthrough Network Load Balancers](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview). On failover or failback, this field indicates whether connection draining will be honored. Google Cloud has a fixed connection draining timeout of 10 minutes. A setting of true terminates existing TCP connections to the active pool during failover and failback, immediately draining traffic. A setting of false allows existing TCP connections to persist, even on VMs no longer in the active pool, for up to the duration of the connection draining timeout (10 minutes).",
"properties": {
"disableConnectionDrainOnFailover": {
"description": "This can be set to true only if the protocol is TCP. The default is false.",
"type": "boolean"
},
"dropTrafficIfUnhealthy": {
"description": "If set to true, connections to the load balancer are dropped when all primary and all backup backend VMs are unhealthy.If set to false, connections are distributed among all primary VMs when all primary and all backup backend VMs are unhealthy. For load balancers that have configurable failover: [Internal passthrough Network Load Balancers](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external passthrough Network Load Balancers](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview). The default is false.",
"type": "boolean"
},
"failoverRatio": {
"description": "The value of the field must be in the range [0, 1]. If the value is 0, the load balancer performs a failover when the number of healthy primary VMs equals zero. For all other values, the load balancer performs a failover when the total number of healthy primary VMs is less than this ratio. For load balancers that have configurable failover: [Internal TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/internal/failover-overview) and [external TCP/UDP Load Balancing](https://cloud.google.com/load-balancing/docs/network/networklb-failover-overview).",
"type": "number"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceFailoverPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceIAP

{
"description": "Identity-Aware Proxy",
"properties": {
"enabled": {
"description": "Whether the serving infrastructure will authenticate and authorize all incoming requests.",
"type": "boolean"
},
"oauth2ClientId": {
"description": "OAuth2 client ID to use for the authentication flow.",
"type": "string"
},
"oauth2ClientSecret": {
"description": "OAuth2 client secret to use for the authentication flow. For security reasons, this value cannot be retrieved via the API. Instead, the SHA-256 hash of the value is returned in the oauth2ClientSecretSha256 field. @InputOnly",
"type": "string"
},
"oauth2ClientSecretSha256": {
"description": "[Output Only] SHA256 hash value for the field oauth2_client_secret above.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceIAP",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceLocalityLoadBalancingPolicyConfig

{
"description": "Container for either a built-in LB policy supported by gRPC or Envoy or a custom one implemented by the end user.",
"properties": {
"customPolicy": {
"$ref": "#/components/schemas/BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy"
},
"policy": {
"$ref": "#/components/schemas/BackendServiceLocalityLoadBalancingPolicyConfigPolicy"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceLocalityLoadBalancingPolicyConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy

{
"description": "The configuration for a custom policy implemented by the user and deployed with the client.",
"properties": {
"data": {
"description": "An optional, arbitrary JSON object with configuration data, understood by a locally installed custom policy implementation.",
"type": "string"
},
"name": {
"description": "Identifies the custom policy. The value should match the name of a custom implementation registered on the gRPC clients. It should follow protocol buffer message naming conventions and include the full path (for example, myorg.CustomLbPolicy). The maximum length is 256 characters. Do not specify the same custom policy more than once for a backend. If you do, the configuration is rejected. For an example of how to use this field, see Use a custom policy.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceLocalityLoadBalancingPolicyConfigCustomPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceLocalityLoadBalancingPolicyConfigPolicy

{
"description": "The configuration for a built-in load balancing policy.",
"properties": {
"name": {
"description": "The name of a locality load-balancing policy. Valid values include ROUND_ROBIN and, for Java clients, LEAST_REQUEST. For information about these values, see the description of localityLbPolicy. Do not specify the same policy more than once for a backend. If you do, the configuration is rejected.",
"enum": [
"INVALID_LB_POLICY",
"LEAST_REQUEST",
"MAGLEV",
"ORIGINAL_DESTINATION",
"RANDOM",
"RING_HASH",
"ROUND_ROBIN",
"WEIGHTED_MAGLEV"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceLocalityLoadBalancingPolicyConfigPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceLogConfig

{
"description": "The available logging options for the load balancer traffic served by this backend service.",
"properties": {
"enable": {
"description": "Denotes whether to enable logging for the load balancer traffic served by this backend service. The default value is false.",
"type": "boolean"
},
"optionalFields": {
"description": "This field can only be specified if logging is enabled for this backend service and \"logConfig.optionalMode\" was set to CUSTOM. Contains a list of optional fields you want to include in the logs. For example: serverInstance, serverGkeDetails.cluster, serverGkeDetails.pod.podNamespace",
"items": {
"type": "string"
},
"type": "array"
},
"optionalMode": {
"description": "This field can only be specified if logging is enabled for this backend service. Configures whether all, none or a subset of optional fields should be added to the reported logs. One of [INCLUDE_ALL_OPTIONAL, EXCLUDE_ALL_OPTIONAL, CUSTOM]. Default is EXCLUDE_ALL_OPTIONAL.",
"enum": [
"CUSTOM",
"EXCLUDE_ALL_OPTIONAL",
"INCLUDE_ALL_OPTIONAL"
],
"type": "string"
},
"sampleRate": {
"description": "This field can only be specified if logging is enabled for this backend service. The value of the field must be in [0, 1]. This configures the sampling rate of requests to the load balancer where 1.0 means all logged requests are reported and 0.0 means no logged requests are reported. The default value is 1.0.",
"type": "number"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceLogConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

BackendServiceUsedBy

{
"properties": {
"reference": {
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/BackendServiceUsedBy",
"modUri": "tmod:@turbot/gcp-network"
}
}

Binding

{
"description": "Associates `members`, or principals, with a `role`.",
"properties": {
"bindingId": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "string"
},
"condition": {
"$ref": "#/definitions/Expr",
"description": "The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies)."
},
"members": {
"description": "Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workforce identity pool. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/group/{group_id}`: All workforce identities in a group. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All workforce identities with a specific attribute value. * `principalSet://iam.googleapis.com/locations/global/workforcePools/{pool_id}/*`: All identities in a workforce identity pool. 
* `principal://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/subject/{subject_attribute_value}`: A single identity in a workload identity pool. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/group/{group_id}`: A workload identity pool group. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/attribute.{attribute_name}/{attribute_value}`: All identities in a workload identity pool with a certain attribute. * `principalSet://iam.googleapis.com/projects/{project_number}/locations/global/workloadIdentityPools/{pool_id}/*`: All identities in a workload identity pool. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding. * `deleted:principal://iam.googleapis.com/locations/global/workforcePools/{pool_id}/subject/{subject_attribute_value}`: Deleted single identity in a workforce identity pool. 
For example, `deleted:principal://iam.googleapis.com/locations/global/workforcePools/my-pool-id/subject/my-subject-attribute-value`.",
"items": {
"type": "string"
},
"type": "array"
},
"role": {
"description": "Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`. For an overview of the IAM roles and permissions, see the [IAM documentation](https://cloud.google.com/iam/docs/roles-overview). For a list of the available pre-defined roles, see [here](https://cloud.google.com/iam/docs/understanding-roles).",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Binding",
"modUri": "tmod:@turbot/gcp-network"
}
}

CacheKeyPolicy

{
"description": "Message containing what to include in the cache key for a request for Cloud CDN.",
"properties": {
"includeHost": {
"description": "If true, requests to different hosts will be cached separately.",
"type": "boolean"
},
"includeHttpHeaders": {
"description": "Allows HTTP request headers (by name) to be used in the cache key.",
"items": {
"type": "string"
},
"type": "array"
},
"includeNamedCookies": {
"description": "Allows HTTP cookies (by name) to be used in the cache key. The name=value pair will be used in the cache key Cloud CDN generates.",
"items": {
"type": "string"
},
"type": "array"
},
"includeProtocol": {
"description": "If true, http and https requests will be cached separately.",
"type": "boolean"
},
"includeQueryString": {
"description": "If true, include query string parameters in the cache key according to query_string_whitelist and query_string_blacklist. If neither is set, the entire query string will be included. If false, the query string will be excluded from the cache key entirely.",
"type": "boolean"
},
"queryStringBlacklist": {
"description": "Names of query string parameters to exclude in cache keys. All other parameters will be included. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.",
"items": {
"type": "string"
},
"type": "array"
},
"queryStringWhitelist": {
"description": "Names of query string parameters to include in cache keys. All other parameters will be excluded. Either specify query_string_whitelist or query_string_blacklist, not both. '&' and '=' will be percent encoded and not treated as delimiters.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/CacheKeyPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

CircuitBreakers

{
"description": "Settings controlling the volume of requests, connections and retries to this backend service.",
"properties": {
"maxConnections": {
"description": "The maximum number of connections to the backend service. If not specified, there is no limit. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
"type": "integer"
},
"maxPendingRequests": {
"description": "The maximum number of pending requests allowed to the backend service. If not specified, there is no limit. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
"type": "integer"
},
"maxRequests": {
"description": "The maximum number of parallel requests that are allowed to the backend service. If not specified, there is no limit.",
"type": "integer"
},
"maxRequestsPerConnection": {
"description": "Maximum requests for a single connection to the backend service. This parameter is respected by both the HTTP/1.1 and HTTP/2 implementations. If not specified, there is no limit. Setting this parameter to 1 will effectively disable keep alive. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
"type": "integer"
},
"maxRetries": {
"description": "The maximum number of parallel retries allowed to the backend cluster. If not specified, the default is 1. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/CircuitBreakers",
"modUri": "tmod:@turbot/gcp-network"
}
}

Condition

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"iam": {
"description": "This is deprecated and has no effect. Do not use.",
"enum": [
"APPROVER",
"ATTRIBUTION",
"AUTHORITY",
"CREDENTIALS_TYPE",
"CREDS_ASSERTION",
"JUSTIFICATION_TYPE",
"NO_ATTR",
"SECURITY_REALM"
],
"type": "string"
},
"op": {
"description": "This is deprecated and has no effect. Do not use.",
"enum": [
"DISCHARGED",
"EQUALS",
"IN",
"NOT_EQUALS",
"NOT_IN",
"NO_OP"
],
"type": "string"
},
"svc": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "string"
},
"sys": {
"description": "This is deprecated and has no effect. Do not use.",
"enum": [
"IP",
"NAME",
"NO_ATTR",
"REGION",
"SERVICE"
],
"type": "string"
},
"values": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Condition",
"modUri": "tmod:@turbot/gcp-network"
}
}

ConnectionDraining

{
"description": "Message containing connection draining configuration.",
"properties": {
"drainingTimeoutSec": {
"description": "Configures a duration timeout for existing requests on a removed backend instance. For supported load balancers and protocols, as described in Enabling connection draining.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/ConnectionDraining",
"modUri": "tmod:@turbot/gcp-network"
}
}

ConsistentHashLoadBalancerSettings

{
"description": "This message defines settings for a consistent hash style load balancer.",
"properties": {
"httpCookie": {
"$ref": "#/definitions/ConsistentHashLoadBalancerSettingsHttpCookie",
"description": "Hash is based on HTTP Cookie. This field describes a HTTP cookie that will be used as the hash key for the consistent hash load balancer. If the cookie is not present, it will be generated. This field is applicable if the sessionAffinity is set to HTTP_COOKIE. Not supported when the backend service is referenced by a URL map that is bound to target gRPC proxy that has validateForProxyless field set to true."
},
"httpHeaderName": {
"description": "The hash based on the value of the specified header field. This field is applicable if the sessionAffinity is set to HEADER_FIELD.",
"type": "string"
},
"minimumRingSize": {
"description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/ConsistentHashLoadBalancerSettings",
"modUri": "tmod:@turbot/gcp-network"
}
}

ConsistentHashLoadBalancerSettingsHttpCookie

{
"description": "The information about the HTTP Cookie on which the hash function is based for load balancing policies that use a consistent hash.",
"properties": {
"name": {
"description": "Name of the cookie.",
"type": "string"
},
"path": {
"description": "Path to set for the cookie.",
"type": "string"
},
"ttl": {
"$ref": "#/definitions/Duration",
"description": "Lifetime of the cookie."
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/ConsistentHashLoadBalancerSettingsHttpCookie",
"modUri": "tmod:@turbot/gcp-network"
}
}

CorsPolicy

{
"description": "The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard.",
"properties": {
"allowCredentials": {
"description": "In response to a preflight request, setting this to true indicates that the actual request can include user credentials. This field translates to the Access-Control-Allow-Credentials header. Default is false.",
"type": "boolean"
},
"allowHeaders": {
"description": "Specifies the content for the Access-Control-Allow-Headers header.",
"items": {
"type": "string"
},
"type": "array"
},
"allowMethods": {
"description": "Specifies the content for the Access-Control-Allow-Methods header.",
"items": {
"type": "string"
},
"type": "array"
},
"allowOriginRegexes": {
"description": "Specifies a regular expression that matches allowed origins. For more information about the regular expression syntax, see Syntax. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
"items": {
"type": "string"
},
"type": "array"
},
"allowOrigins": {
"description": "Specifies the list of origins that is allowed to do CORS requests. An origin is allowed if it matches either an item in allowOrigins or an item in allowOriginRegexes.",
"items": {
"type": "string"
},
"type": "array"
},
"disabled": {
"description": "If true, the setting specifies the CORS policy is disabled. The default value is false, which indicates that the CORS policy is in effect.",
"type": "boolean"
},
"exposeHeaders": {
"description": "Specifies the content for the Access-Control-Expose-Headers header.",
"items": {
"type": "string"
},
"type": "array"
},
"maxAge": {
"description": "Specifies how long results of a preflight request can be cached in seconds. This field translates to the Access-Control-Max-Age header.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/CorsPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

Duration

{
"description": "A Duration represents a fixed-length span of time represented as a count of seconds and fractions of seconds at nanosecond resolution. It is independent of any calendar and concepts like \"day\" or \"month\". Range is approximately 10,000 years.",
"properties": {
"nanos": {
"description": "Span of time that's a fraction of a second at nanosecond resolution. Durations less than one second are represented with a 0 `seconds` field and a positive `nanos` field. Must be from 0 to 999,999,999 inclusive.",
"type": "integer"
},
"seconds": {
"description": "Span of time at a resolution of a second. Must be from 0 to 315,576,000,000 inclusive. Note: these bounds are computed from: 60 sec/min * 60 min/hr * 24 hr/day * 365.25 days/year * 10000 years",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Duration",
"modUri": "tmod:@turbot/gcp-network"
}
}

Expr

{
"description": "Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: \"Summary size limit\" description: \"Determines if a summary is less than 100 chars\" expression: \"document.summary.size() < 100\" Example (Equality): title: \"Requestor is owner\" description: \"Determines if requestor is the document owner\" expression: \"document.owner == request.auth.claims.email\" Example (Logic): title: \"Public documents\" description: \"Determine whether the document should be publicly visible\" expression: \"document.type != 'private' && document.type != 'internal'\" Example (Data Manipulation): title: \"Notification string\" description: \"Create a notification string with a timestamp.\" expression: \"'New message received at ' + string(document.create_time)\" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.",
"properties": {
"description": {
"description": "Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovering over it in a UI.",
"type": "string"
},
"expression": {
"description": "Textual representation of an expression in Common Expression Language syntax.",
"type": "string"
},
"location": {
"description": "Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.",
"type": "string"
},
"title": {
"description": "Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow entering the expression.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Expr",
"modUri": "tmod:@turbot/gcp-network"
}
}

firewall

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"allowed": {
"$ref": "#/definitions/firewallAllowed"
},
"sourceRanges": {
"$ref": "#/definitions/firewallSourceRanges"
},
"direction": {
"$ref": "#/definitions/firewallDirection"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/firewallAka"
}
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "tes01",
"turbot": {
"akas": [
"gcp://compute.googleapis.com/projects/aar-a4b6d489/global/firewalls/test01"
],
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489"
}
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"turbot": {
"akas": [
"gcp://cloudresourcemanager.googleapis.com/projects/aar-a4b6d489/global/firewalls/test01"
],
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "tes01"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/firewall",
"modUri": "tmod:@turbot/gcp-network"
}
}

Firewall

{
"description": "Represents a Firewall Rule resource. Firewall rules allow or deny ingress traffic to, and egress traffic from your instances. For more information, read Firewall rules.",
"properties": {
"allowed": {
"description": "The list of ALLOW rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.",
"items": {
"properties": {
"IPProtocol": {
"description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.",
"type": "string"
},
"ports": {
"description": "An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"type": "array"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"denied": {
"description": "The list of DENY rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a denied connection.",
"items": {
"properties": {
"IPProtocol": {
"description": "The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, ipip, sctp) or the IP protocol number.",
"type": "string"
},
"ports": {
"description": "An optional list of ports to which this rule applies. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: [\"22\"], [\"80\",\"443\"], and [\"12345-12349\"].",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"type": "array"
},
"description": {
"description": "An optional description of this resource. Provide this field when you create the resource.",
"type": "string"
},
"destinationRanges": {
"description": "If destination ranges are specified, the firewall rule applies only to traffic that has destination IP address in these ranges. These ranges must be expressed in CIDR format. Both IPv4 and IPv6 are supported.",
"items": {
"type": "string"
},
"type": "array"
},
"direction": {
"description": "Direction of traffic to which this firewall applies, either `INGRESS` or `EGRESS`. The default is `INGRESS`. For `EGRESS` traffic, you cannot specify the sourceTags fields.",
"enum": [
"EGRESS",
"INGRESS"
],
"type": "string"
},
"disabled": {
"description": "Denotes whether the firewall rule is disabled. When set to true, the firewall rule is not enforced and the network behaves as if it did not exist. If this is unspecified, the firewall rule will be enabled.",
"type": "boolean"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#firewall",
"description": "[Output Only] Type of the resource. Always compute#firewall for firewall rules.",
"type": "string"
},
"logConfig": {
"$ref": "#/definitions/FirewallLogConfig",
"description": "This field denotes the logging options for a particular firewall rule. If logging is enabled, logs will be exported to Cloud Logging."
},
"name": {
"description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"description": "URL of the network resource for this firewall rule. If not specified when creating a firewall rule, the default network is used: global/networks/default If you choose to specify this field, you can specify the network as a full or partial URL. For example, the following are all valid URLs: - https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network - projects/myproject/global/networks/my-network - global/networks/default ",
"type": "string"
},
"priority": {
"description": "Priority for this rule. This is an integer between `0` and `65535`, both inclusive. The default value is `1000`. Relative priorities determine which rule takes effect if multiple rules apply. Lower values indicate higher priority. For example, a rule with priority `0` has higher precedence than a rule with priority `1`. DENY rules take precedence over ALLOW rules if they have equal priority. Note that VPC networks have implied rules with a priority of `65535`. To avoid conflicts with the implied rules, use a priority number less than `65535`.",
"type": "integer"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"sourceRanges": {
"description": "If source ranges are specified, the firewall rule applies only to traffic that has a source IP address in these ranges. These ranges must be expressed in CIDR format. One or both of sourceRanges and sourceTags may be set. If both fields are set, the rule applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the rule to apply. Both IPv4 and IPv6 are supported.",
"items": {
"type": "string"
},
"type": "array"
},
"sourceServiceAccounts": {
"description": "If source service accounts are specified, the firewall rules apply only to traffic originating from an instance with a service account in this list. Source service accounts cannot be used to control traffic to an instance's external IP address because service accounts are associated with an instance, not an IP address. sourceRanges can be set at the same time as sourceServiceAccounts. If both are set, the firewall applies to traffic that has a source IP address within the sourceRanges OR a source IP that belongs to an instance with a service account listed in sourceServiceAccounts. The connection does not need to match both fields for the firewall to apply. sourceServiceAccounts cannot be used at the same time as sourceTags or targetTags.",
"items": {
"type": "string"
},
"type": "array"
},
"sourceTags": {
"description": "If source tags are specified, the firewall rule applies only to traffic with source IPs that match the primary network interfaces of VM instances that have the tag and are in the same VPC network. Source tags cannot be used to control traffic to an instance's external IP address; they apply only to traffic between instances in the same virtual network, because tags are associated with instances, not IP addresses. One or both of sourceRanges and sourceTags may be set. If both fields are set, the firewall applies to traffic that has a source IP address within sourceRanges OR a source IP from a resource with a matching tag listed in the sourceTags field. The connection does not need to match both fields for the firewall to apply.",
"items": {
"type": "string"
},
"type": "array"
},
"targetServiceAccounts": {
"description": "A list of service accounts indicating sets of instances located in the network that may make network connections as specified in allowed[]. targetServiceAccounts cannot be used at the same time as targetTags or sourceTags. If neither targetServiceAccounts nor targetTags are specified, the firewall rule applies to all instances on the specified network.",
"items": {
"type": "string"
},
"type": "array"
},
"targetTags": {
"description": "A list of tags that controls which instances the firewall rule applies to. If targetTags are specified, then the firewall rule applies only to instances in the VPC network that have one of those tags. If no targetTags are specified, the firewall rule applies to all instances on the specified network.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Firewall",
"modUri": "tmod:@turbot/gcp-network"
}
}

firewallAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/global/firewalls/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/firewalls/test01"
},
{
"description": "invalid - project ID too short",
"input": "gcp://compute.googleapis.com/projects/bad/global/firewalls/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/firewallAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

firewallAllowed

{
"type": "string",
"items": {
"$ref": "#/definitions/firewallAllowedItems"
},
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/firewallAllowed",
"modUri": "tmod:@turbot/gcp-network"
}
}

firewallAllowedItems

{
"type": "object",
"properties": {
"IPProtocol": {
"type": "string"
},
"ports": {
"type": "array",
"items": {
"type": "string"
}
}
},
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/firewallAllowedItems",
"modUri": "tmod:@turbot/gcp-network"
}
}

firewallDirection

{
"type": "string",
"enum": [
"INGRESS",
"EGRESS"
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/firewallDirection",
"modUri": "tmod:@turbot/gcp-network"
}
}

FirewallLogConfig

{
"description": "The available logging options for a firewall rule.",
"properties": {
"enable": {
"description": "This field denotes whether to enable logging for a particular firewall rule.",
"type": "boolean"
},
"metadata": {
"description": "This field can only be specified for a particular firewall rule if logging is enabled for that rule. This field denotes whether to include or exclude metadata for firewall logs.",
"enum": [
"EXCLUDE_ALL_METADATA",
"INCLUDE_ALL_METADATA"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/FirewallLogConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

firewallSourceRanges

{
"type": "array",
"items": {
"type": "string"
},
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/firewallSourceRanges",
"modUri": "tmod:@turbot/gcp-network"
}
}

forwardingRule

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"IPAddress": {
"type": "string"
},
"IPProtocol": {
"type": "string"
},
"allPorts": {
"type": "boolean"
},
"allowGlobalAccess": {
"type": "boolean"
},
"backendService": {
"type": "string"
},
"creationTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"description": {
"type": "string"
},
"fingerprint": {
"type": "string"
},
"id": {
"type": "string"
},
"ipVersion": {
"type": "string"
},
"isMirroringCollector": {
"type": "boolean"
},
"kind": {
"type": "string"
},
"labelFingerprint": {
"type": "string"
},
"labels": {
"$ref": "gcp#/definitions/labels"
},
"loadBalancingScheme": {
"type": "string"
},
"metadataFilters": {
"type": "string"
},
"network": {
"type": "string"
},
"networkTier": {
"type": "string"
},
"portRange": {
"type": "string"
},
"ports": {
"type": "array"
},
"region": {
"type": "string"
},
"selfLink": {
"type": "string"
},
"serviceLabel": {
"type": "string"
},
"serviceName": {
"type": "string"
},
"subnetwork": {
"type": "string"
},
"target": {
"type": "string"
}
},
"required": [
"name"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "testmeplease",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "southamerica-east1"
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/forwardingRule",
"modUri": "tmod:@turbot/gcp-network"
}
}

ForwardingRule

{
"description": "Represents a Forwarding Rule resource. Forwarding rule resources in Google Cloud can be either regional or global in scope: * [Global](https://cloud.google.com/compute/docs/reference/rest/beta/globalForwardingRules) * [Regional](https://cloud.google.com/compute/docs/reference/rest/beta/forwardingRules) A forwarding rule and its corresponding IP address represent the frontend configuration of a Google Cloud load balancer. Forwarding rules can also reference target instances and Cloud VPN Classic gateways (targetVpnGateway). For more information, read Forwarding rule concepts and Using protocol forwarding.",
"properties": {
"IPAddress": {
"description": "IP address for which this forwarding rule accepts traffic. When a client sends traffic to this IP address, the forwarding rule directs the traffic to the referenced target or backendService. While creating a forwarding rule, specifying an IPAddress is required under the following circumstances: - When the target is set to targetGrpcProxy and validateForProxyless is set to true, the IPAddress should be set to 0.0.0.0. - When the target is a Private Service Connect Google APIs bundle, you must specify an IPAddress. Otherwise, you can optionally specify an IP address that references an existing static (reserved) IP address resource. When omitted, Google Cloud assigns an ephemeral IP address. Use one of the following formats to specify an IP address while creating a forwarding rule: * IP address number, as in `100.1.2.3` * IPv6 address range, as in `2600:1234::/96` * Full resource URL, as in https://www.googleapis.com/compute/v1/projects/ project_id/regions/region/addresses/address-name * Partial URL or by name, as in: - projects/project_id/regions/region/addresses/address-name - regions/region/addresses/address-name - global/addresses/address-name - address-name The forwarding rule's target or backendService, and in most cases, also the loadBalancingScheme, determine the type of IP address that you can use. For detailed information, see [IP address specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). When reading an IPAddress, the API always returns the IP address number.",
"type": "string"
},
"IPProtocol": {
"description": "The IP protocol to which this rule applies. For protocol forwarding, valid options are TCP, UDP, ESP, AH, SCTP, ICMP and L3_DEFAULT. The valid IP protocols are different for different load balancing products as described in [Load balancing features](https://cloud.google.com/load-balancing/docs/features#protocols_from_the_load_balancer_to_the_backends).",
"enum": [
"AH",
"ESP",
"ICMP",
"L3_DEFAULT",
"SCTP",
"TCP",
"UDP"
],
"type": "string"
},
"allPorts": {
"description": "The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The allPorts field has the following limitations: - It requires that the forwarding rule IPProtocol be TCP, UDP, SCTP, or L3_DEFAULT. - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal and external protocol forwarding. - Set this field to true to allow packets addressed to any port or packets lacking destination port information (for example, UDP fragments after the first fragment) to be forwarded to the backends configured with this forwarding rule. The L3_DEFAULT protocol requires allPorts be set to true. ",
"type": "boolean"
},
"allowGlobalAccess": {
"description": "If set to true, clients can access the internal passthrough Network Load Balancers, the regional internal Application Load Balancer, and the regional internal proxy Network Load Balancer from all regions. If false, only allows access from the local region the load balancer is located at. Note that for INTERNAL_MANAGED forwarding rules, this field cannot be changed after the forwarding rule is created.",
"type": "boolean"
},
"allowPscGlobalAccess": {
"description": "This is used in PSC consumer ForwardingRule to control whether the PSC endpoint can be accessed from another region.",
"type": "boolean"
},
"allowPscPacketInjection": {
"description": "This is used in PSC consumer ForwardingRule to control whether the producer is allowed to inject packets into the consumer's network. If set to true, the target service attachment must have tunneling enabled and TunnelingConfig.RoutingMode set to PACKET_INJECTION. Non-PSC forwarding rules should not use this field.",
"type": "boolean"
},
"backendService": {
"description": "Identifies the backend service to which the forwarding rule sends traffic. Required for internal and external passthrough Network Load Balancers; must be omitted for all other load balancer types.",
"type": "string"
},
"baseForwardingRule": {
"description": "[Output Only] The URL for the corresponding base forwarding rule. By base forwarding rule, we mean the forwarding rule that has the same IP address, protocol, and port settings with the current forwarding rule, but without sourceIPRanges specified. Always empty if the current forwarding rule does not have sourceIPRanges specified.",
"type": "string"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"fingerprint": {
"description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a ForwardingRule. Include the fingerprint in patch request to ensure that you do not overwrite changes that were applied from another concurrent request. To see the latest fingerprint, make a get() request to retrieve a ForwardingRule.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"ipVersion": {
"description": "The IP Version that will be used by this forwarding rule. Valid options are IPV4 or IPV6.",
"enum": [
"IPV4",
"IPV6",
"UNSPECIFIED_VERSION"
],
"type": "string"
},
"isMirroringCollector": {
"description": "Indicates whether or not this load balancer can be used as a collector for packet mirroring. To prevent mirroring loops, instances behind this load balancer will not have their traffic mirrored even if a PacketMirroring rule applies to them. This can only be set to true for load balancers that have their loadBalancingScheme set to INTERNAL.",
"type": "boolean"
},
"kind": {
"default": "compute#forwardingRule",
"description": "[Output Only] Type of the resource. Always compute#forwardingRule for forwarding rule resources.",
"type": "string"
},
"labelFingerprint": {
"description": "A fingerprint for the labels being applied to this resource, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a ForwardingRule.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
"type": "object"
},
"loadBalancingScheme": {
"description": "Specifies the forwarding rule type. For more information about forwarding rules, refer to Forwarding rule concepts.",
"enum": [
"EXTERNAL",
"EXTERNAL_MANAGED",
"INTERNAL",
"INTERNAL_MANAGED",
"INTERNAL_SELF_MANAGED",
"INVALID"
],
"type": "string"
},
"metadataFilters": {
"description": "Opaque filter criteria used by load balancer to restrict routing configuration to a limited set of xDS compliant clients. In their xDS requests to load balancer, xDS clients present node metadata. When there is a match, the relevant configuration is made available to those proxies. Otherwise, all the resources (e.g. TargetHttpProxy, UrlMap) referenced by the ForwardingRule are not visible to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. If multiple metadataFilters are specified, all of them need to be satisfied in order to be considered a match. metadataFilters specified here will be applied before those specified in the UrlMap that this ForwardingRule references. metadataFilters only applies to load balancers that have their loadBalancingScheme set to INTERNAL_SELF_MANAGED.",
"items": {
"$ref": "#/definitions/MetadataFilter"
},
"type": "array"
},
"name": {
"description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. For Private Service Connect forwarding rules that forward traffic to Google APIs, the forwarding rule name must be a 1-20 characters string with lowercase letters and numbers and must start with a letter.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"description": "This field is not used for global external load balancing. For internal passthrough Network Load Balancers, this field identifies the network that the load balanced IP should belong to for this forwarding rule. If the subnetwork is specified, the network of the subnetwork will be used. If neither subnetwork nor this field is specified, the default network will be used. For Private Service Connect forwarding rules that forward traffic to Google APIs, a network must be provided.",
"type": "string"
},
"networkTier": {
"description": "This signifies the networking tier used for configuring this load balancer and can only take the following values: PREMIUM, STANDARD. For regional ForwardingRule, the valid values are PREMIUM and STANDARD. For GlobalForwardingRule, the valid value is PREMIUM. If this field is not specified, it is assumed to be PREMIUM. If IPAddress is specified, this value must be equal to the networkTier of the Address.",
"enum": [
"FIXED_STANDARD",
"PREMIUM",
"STANDARD",
"STANDARD_OVERRIDES_FIXED_STANDARD"
],
"type": "string"
},
"noAutomateDnsZone": {
"description": "This is used in PSC consumer ForwardingRule to control whether it should try to auto-generate a DNS zone or not. Non-PSC forwarding rules do not use this field. Once set, this field is not mutable.",
"type": "boolean"
},
"portRange": {
"description": "The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The portRange field has the following limitations: - It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and - It's applicable only to the following products: external passthrough Network Load Balancers, internal and external proxy Network Load Balancers, internal and external Application Load Balancers, external protocol forwarding, and Classic VPN. - Some products have restrictions on what ports can be used. See port specifications for details. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair, and cannot have overlapping portRanges. @pattern: \\\\d+(?:-\\\\d+)?",
"type": "string"
},
"ports": {
"description": "The ports, portRange, and allPorts fields are mutually exclusive. Only packets addressed to ports in the specified range will be forwarded to the backends configured with this forwarding rule. The ports field has the following limitations: - It requires that the forwarding rule IPProtocol be TCP, UDP, or SCTP, and - It's applicable only to the following products: internal passthrough Network Load Balancers, backend service-based external passthrough Network Load Balancers, and internal protocol forwarding. - You can specify a list of up to five ports by number, separated by commas. The ports can be contiguous or discontiguous. For external forwarding rules, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. For internal forwarding rules within the same VPC network, two or more forwarding rules cannot use the same [IPAddress, IPProtocol] pair if they share at least one port number. @pattern: \\\\d+(?:-\\\\d+)?",
"items": {
"type": "string"
},
"type": "array"
},
"pscConnectionId": {
"description": "[Output Only] The PSC connection id of the PSC forwarding rule.",
"type": "string"
},
"pscConnectionStatus": {
"enum": [
"ACCEPTED",
"CLOSED",
"NEEDS_ATTENTION",
"PENDING",
"REJECTED",
"STATUS_UNSPECIFIED"
],
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the regional forwarding rule resides. This field is not applicable to global forwarding rules. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"serviceDirectoryRegistrations": {
"description": "Service Directory resources to register this forwarding rule with. Currently, only supports a single Service Directory resource.",
"items": {
"$ref": "#/definitions/ForwardingRuleServiceDirectoryRegistration"
},
"type": "array"
},
"serviceLabel": {
"description": "An optional prefix to the service name for this forwarding rule. If specified, the prefix is the first label of the fully qualified service name. The label must be 1-63 characters long, and comply with RFC1035. Specifically, the label must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. This field is only used for internal load balancing.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"serviceName": {
"description": "[Output Only] The internal fully qualified service name for this forwarding rule. This field is only used for internal load balancing.",
"type": "string"
},
"sourceIpRanges": {
"description": "If not empty, this forwarding rule will only forward the traffic when the source IP address matches one of the IP addresses or CIDR ranges set here. Note that a forwarding rule can only have up to 64 source IP ranges, and this field can only be used with a regional forwarding rule whose scheme is EXTERNAL. Each source_ip_range entry should be either an IP address (for example, 1.2.3.4) or a CIDR range (for example, 1.2.3.0/24).",
"items": {
"type": "string"
},
"type": "array"
},
"subnetwork": {
"description": "This field identifies the subnetwork that the load balanced IP should belong to for this forwarding rule, used with internal load balancers and external passthrough Network Load Balancers with IPv6. If the network specified is in auto subnet mode, this field is optional. However, a subnetwork must be specified if the network is in custom subnet mode or when creating external forwarding rule with IPv6.",
"type": "string"
},
"target": {
"description": "The URL of the target resource to receive the matched traffic. For regional forwarding rules, this target must be in the same region as the forwarding rule. For global forwarding rules, this target must be a global load balancing resource. The forwarded traffic must be of a type appropriate to the target object. - For load balancers, see the \"Target\" column in [Port specifications](https://cloud.google.com/load-balancing/docs/forwarding-rule-concepts#ip_address_specifications). - For Private Service Connect forwarding rules that forward traffic to Google APIs, provide the name of a supported Google API bundle: - vpc-sc - APIs that support VPC Service Controls. - all-apis - All supported Google APIs. - For Private Service Connect forwarding rules that forward traffic to managed services, the target must be a service attachment. The target is not mutable once set as a service attachment. ",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/ForwardingRule",
"modUri": "tmod:@turbot/gcp-network"
}
}

forwardingRules

{
"type": "array",
"items": {
"$ref": "#/definitions/forwardingRulesItems"
},
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/forwardingRules",
"modUri": "tmod:@turbot/gcp-network"
}
}

ForwardingRuleServiceDirectoryRegistration

{
"description": "Describes the auto-registration of the forwarding rule to Service Directory. The region and project of the Service Directory resource generated from this registration will be the same as this forwarding rule.",
"properties": {
"namespace": {
"description": "Service Directory namespace to register the forwarding rule under.",
"type": "string"
},
"service": {
"description": "Service Directory service to register the forwarding rule under.",
"type": "string"
},
"serviceDirectoryRegion": {
"description": "[Optional] Service Directory region to register this global forwarding rule under. Defaults to \"us-central1\". Only used for PSC for Google APIs. All PSC for Google APIs forwarding rules on the same network should use the same Service Directory region.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/ForwardingRuleServiceDirectoryRegistration",
"modUri": "tmod:@turbot/gcp-network"
}
}

forwardingRulesItems

{
"type": "string",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/forwardingRulesItems",
"modUri": "tmod:@turbot/gcp-network"
}
}

globalForwardingRule

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"IPAddress": {
"type": "string"
},
"IPProtocol": {
"type": "string"
},
"allPorts": {
"type": "boolean"
},
"allowGlobalAccess": {
"type": "boolean"
},
"backendService": {
"type": "string"
},
"creationTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"description": {
"type": "string"
},
"fingerprint": {
"type": "string"
},
"id": {
"type": "string"
},
"ipVersion": {
"type": "string"
},
"isMirroringCollector": {
"type": "boolean"
},
"kind": {
"type": "string"
},
"labelFingerprint": {
"type": "string"
},
"labels": {
"$ref": "gcp#/definitions/labels"
},
"loadBalancingScheme": {
"type": "string"
},
"metadataFilters": {
"type": "string"
},
"network": {
"type": "string"
},
"networkTier": {
"type": "string"
},
"portRange": {
"type": "string"
},
"ports": {
"type": "array"
},
"region": {
"type": "string"
},
"selfLink": {
"type": "string"
},
"serviceLabel": {
"type": "string"
},
"serviceName": {
"type": "string"
},
"subnetwork": {
"type": "string"
},
"target": {
"type": "string"
}
},
"required": [
"name"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "testmeplease",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456"
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/globalForwardingRule",
"modUri": "tmod:@turbot/gcp-network"
}
}

HostRule

{
"description": "UrlMaps A host-matching rule for a URL. If matched, will use the named PathMatcher to select the BackendService.",
"properties": {
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"hosts": {
"description": "The list of host patterns to match. They must be valid hostnames with optional port numbers in the format host:port. * matches any string of ([a-z0-9-.]*). In that case, * must be the first character, and if followed by anything, the immediate following character must be either - or .. * based matching is not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.",
"items": {
"type": "string"
},
"type": "array"
},
"pathMatcher": {
"description": "The name of the PathMatcher to use to match the path portion of the URL if the hostRule matches the URL's host portion.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HostRule",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpFaultAbort

{
"description": "Specification for how requests are aborted as part of fault injection.",
"properties": {
"httpStatus": {
"description": "The HTTP status code used to abort the request. The value must be from 200 to 599 inclusive. For gRPC protocol, the gRPC status code is mapped to HTTP status code according to this mapping table. HTTP status 200 is mapped to gRPC status UNKNOWN. Injecting an OK status is currently not supported by Traffic Director.",
"type": "integer"
},
"percentage": {
"description": "The percentage of traffic for connections, operations, or requests that is aborted as part of fault injection. The value must be from 0.0 to 100.0 inclusive.",
"type": "number"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpFaultAbort",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpFaultDelay

{
"description": "Specifies the delay introduced by the load balancer before forwarding the request to the backend service as part of fault injection.",
"properties": {
"fixedDelay": {
"$ref": "#/definitions/Duration",
"description": "Specifies the value of the fixed delay interval."
},
"percentage": {
"description": "The percentage of traffic for connections, operations, or requests for which a delay is introduced as part of fault injection. The value must be from 0.0 to 100.0 inclusive.",
"type": "number"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpFaultDelay",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpFaultInjection

{
"description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by the load balancer on a percentage of requests before sending those requests to the backend service. Similarly, requests from clients can be aborted by the load balancer for a percentage of requests.",
"properties": {
"abort": {
"$ref": "#/definitions/HttpFaultAbort",
"description": "The specification for how client requests are aborted as part of fault injection."
},
"delay": {
"$ref": "#/definitions/HttpFaultDelay",
"description": "The specification for how client requests are delayed as part of fault injection, before being sent to a backend service."
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpFaultInjection",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpHeaderAction

{
"description": "The request and response header transformations that take effect before the request is passed along to the selected backendService.",
"properties": {
"requestHeadersToAdd": {
"description": "Headers to add to a matching request before forwarding the request to the backendService.",
"items": {
"$ref": "#/definitions/HttpHeaderOption"
},
"type": "array"
},
"requestHeadersToRemove": {
"description": "A list of header names for headers that need to be removed from the request before forwarding the request to the backendService.",
"items": {
"type": "string"
},
"type": "array"
},
"responseHeadersToAdd": {
"description": "Headers to add to the response before sending the response back to the client.",
"items": {
"$ref": "#/definitions/HttpHeaderOption"
},
"type": "array"
},
"responseHeadersToRemove": {
"description": "A list of header names for headers that need to be removed from the response before sending the response back to the client.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpHeaderAction",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpHeaderMatch

{
"description": "matchRule criteria for request header matches.",
"properties": {
"exactMatch": {
"description": "The value should exactly match contents of exactMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
"type": "string"
},
"headerName": {
"description": "The name of the HTTP header to match. For matching against the HTTP request's authority, use a headerMatch with the header name \":authority\". For matching a request's method, use the headerName \":method\". When the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true, only non-binary user-specified custom metadata and the `content-type` header are supported. The following transport-level headers cannot be used in header matching rules: `:authority`, `:method`, `:path`, `:scheme`, `user-agent`, `accept-encoding`, `content-encoding`, `grpc-accept-encoding`, `grpc-encoding`, `grpc-previous-rpc-attempts`, `grpc-tags-bin`, `grpc-timeout` and `grpc-trace-bin`.",
"type": "string"
},
"invertMatch": {
"description": "If set to false, the headerMatch is considered a match if the preceding match criteria are met. If set to true, the headerMatch is considered a match if the preceding match criteria are NOT met. The default setting is false. ",
"type": "boolean"
},
"prefixMatch": {
"description": "The value of the header must start with the contents of prefixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
"type": "string"
},
"presentMatch": {
"description": "A header with the contents of headerName must exist. The match takes place whether or not the request's header has a value. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
"type": "boolean"
},
"rangeMatch": {
"$ref": "#/definitions/Int64RangeMatch",
"description": "The header value must be an integer and its value must be in the range specified in rangeMatch. If the header does not contain an integer, number or is empty, the match fails. For example for a range [-5, 0] - -3 will match. - 0 will not match. - 0.25 will not match. - -3someString will not match. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. rangeMatch is not supported for load balancers that have loadBalancingScheme set to EXTERNAL."
},
"regexMatch": {
"description": "The value of the header must match the regular expression specified in regexMatch. For more information about regular expression syntax, see Syntax. For matching against a port specified in the HTTP request, use a headerMatch with headerName set to PORT and a regular expression that satisfies the RFC2616 Host header's port specifier. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
"type": "string"
},
"suffixMatch": {
"description": "The value of the header must end with the contents of suffixMatch. Only one of exactMatch, prefixMatch, suffixMatch, regexMatch, presentMatch or rangeMatch must be set.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpHeaderMatch",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpHeaderOption

{
"description": "Specification determining how headers are added to requests or responses.",
"properties": {
"headerName": {
"description": "The name of the header.",
"type": "string"
},
"headerValue": {
"description": "The value of the header to add.",
"type": "string"
},
"replace": {
"description": "If false, headerValue is appended to any values that already exist for the header. If true, headerValue is set for the header, discarding any values that were set for that header. The default value is false. ",
"type": "boolean"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpHeaderOption",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpQueryParameterMatch

{
"description": "HttpRouteRuleMatch criteria for a request's query parameter.",
"properties": {
"exactMatch": {
"description": "The queryParameterMatch matches if the value of the parameter exactly matches the contents of exactMatch. Only one of presentMatch, exactMatch, or regexMatch must be set. ",
"type": "string"
},
"name": {
"description": "The name of the query parameter to match. The query parameter must exist in the request, in the absence of which the request match fails.",
"type": "string"
},
"presentMatch": {
"description": "Specifies that the queryParameterMatch matches if the request contains the query parameter, irrespective of whether the parameter has a value or not. Only one of presentMatch, exactMatch, or regexMatch must be set. ",
"type": "boolean"
},
"regexMatch": {
"description": "The queryParameterMatch matches if the value of the parameter matches the regular expression specified by regexMatch. For more information about regular expression syntax, see Syntax. Only one of presentMatch, exactMatch, or regexMatch must be set. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED. ",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpQueryParameterMatch",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpRedirectAction

{
"description": "Specifies settings for an HTTP redirect.",
"properties": {
"hostRedirect": {
"description": "The host that is used in the redirect response instead of the one that was supplied in the request. The value must be from 1 to 255 characters.",
"type": "string"
},
"httpsRedirect": {
"description": "If set to true, the URL scheme in the redirected request is set to HTTPS. If set to false, the URL scheme of the redirected request remains the same as that of the request. This must only be set for URL maps used in TargetHttpProxys. Setting this true for TargetHttpsProxy is not permitted. The default is set to false.",
"type": "boolean"
},
"pathRedirect": {
"description": "The path that is used in the redirect response instead of the one that was supplied in the request. pathRedirect cannot be supplied together with prefixRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect. The value must be from 1 to 1024 characters.",
"type": "string"
},
"prefixRedirect": {
"description": "The prefix that replaces the prefixMatch specified in the HttpRouteRuleMatch, retaining the remaining portion of the URL before redirecting the request. prefixRedirect cannot be supplied together with pathRedirect. Supply one alone or neither. If neither is supplied, the path of the original request is used for the redirect. The value must be from 1 to 1024 characters.",
"type": "string"
},
"redirectResponseCode": {
"description": "The HTTP Status code to use for this RedirectAction. Supported values are: - MOVED_PERMANENTLY_DEFAULT, which is the default value and corresponds to 301. - FOUND, which corresponds to 302. - SEE_OTHER which corresponds to 303. - TEMPORARY_REDIRECT, which corresponds to 307. In this case, the request method is retained. - PERMANENT_REDIRECT, which corresponds to 308. In this case, the request method is retained. ",
"enum": [
"FOUND",
"MOVED_PERMANENTLY_DEFAULT",
"PERMANENT_REDIRECT",
"SEE_OTHER",
"TEMPORARY_REDIRECT"
],
"type": "string"
},
"stripQuery": {
"description": "If set to true, any accompanying query portion of the original URL is removed before redirecting the request. If set to false, the query portion of the original URL is retained. The default is set to false. ",
"type": "boolean"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpRedirectAction",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpRetryPolicy

{
"description": "The retry policy associated with HttpRouteRule",
"properties": {
"numRetries": {
"description": "Specifies the allowed number of retries. This number must be > 0. If not specified, defaults to 1.",
"type": "integer"
},
"perTryTimeout": {
"$ref": "#/definitions/Duration",
"description": "Specifies a non-zero timeout per retry attempt. If not specified, will use the timeout set in the HttpRouteAction field. If timeout in the HttpRouteAction field is not set, this field uses the largest timeout among all backend services associated with the route. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
},
"retryConditions": {
"description": "Specifies one or more conditions when this retry policy applies. Valid values are: - 5xx: retry is attempted if the instance or endpoint responds with any 5xx response code, or if the instance or endpoint does not respond at all. For example, disconnects, reset, read timeout, connection failure, and refused streams. - gateway-error: Similar to 5xx, but only applies to response codes 502, 503 or 504. - connect-failure: a retry is attempted on failures connecting to the instance or endpoint. For example, connection timeouts. - retriable-4xx: a retry is attempted if the instance or endpoint responds with a 4xx response code. The only error that you can retry is error code 409. - refused-stream: a retry is attempted if the instance or endpoint resets the stream with a REFUSED_STREAM error code. This reset type indicates that it is safe to retry. - cancelled: a retry is attempted if the gRPC status code in the response header is set to cancelled. - deadline-exceeded: a retry is attempted if the gRPC status code in the response header is set to deadline-exceeded. - internal: a retry is attempted if the gRPC status code in the response header is set to internal. - resource-exhausted: a retry is attempted if the gRPC status code in the response header is set to resource-exhausted. - unavailable: a retry is attempted if the gRPC status code in the response header is set to unavailable. Only the following codes are supported when the URL map is bound to target gRPC proxy that has validateForProxyless field set to true. - cancelled - deadline-exceeded - internal - resource-exhausted - unavailable ",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpRetryPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpRouteAction

{
"properties": {
"corsPolicy": {
"$ref": "#/definitions/CorsPolicy",
"description": "The specification for allowing client-side cross-origin requests. For more information about the W3C recommendation for cross-origin resource sharing (CORS), see Fetch API Living Standard. Not supported when the URL map is bound to a target gRPC proxy."
},
"faultInjectionPolicy": {
"$ref": "#/definitions/HttpFaultInjection",
"description": "The specification for fault injection introduced into traffic to test the resiliency of clients to backend service failure. As part of fault injection, when clients send requests to a backend service, delays can be introduced by a load balancer on a percentage of requests before sending those requests to the backend service. Similarly requests from clients can be aborted by the load balancer for a percentage of requests. timeout and retry_policy are ignored by clients that are configured with a fault_injection_policy if: 1. The traffic is generated by fault injection AND 2. The fault injection is not a delay fault injection. Fault injection is not supported with the classic Application Load Balancer. To see which load balancers support fault injection, see Load balancing: Routing and traffic management features."
},
"maxStreamDuration": {
"$ref": "#/definitions/Duration",
"description": "Specifies the maximum duration (timeout) for streams on the selected route. Unlike the timeout field where the timeout duration starts from the time the request has been fully processed (known as *end-of-stream*), the duration in this field is computed from the beginning of the stream until the response has been processed, including all retries. A stream that does not complete in this duration is closed. If not specified, this field uses the maximum maxStreamDuration value among all backend services associated with the route. This field is only allowed if the Url map is used with backend services with loadBalancingScheme set to INTERNAL_SELF_MANAGED."
},
"requestMirrorPolicy": {
"$ref": "#/definitions/RequestMirrorPolicy",
"description": "Specifies the policy on how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer does not wait for responses from the shadow service. Before sending traffic to the shadow service, the host / authority header is suffixed with -shadow. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
},
"retryPolicy": {
"$ref": "#/definitions/HttpRetryPolicy",
"description": "Specifies the retry policy associated with this route."
},
"timeout": {
"$ref": "#/definitions/Duration",
"description": "Specifies the timeout for the selected route. Timeout is computed from the time the request has been fully processed (known as *end-of-stream*) up until the response has been processed. Timeout includes all retries. If not specified, this field uses the largest timeout among all backend services associated with the route. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
},
"urlRewrite": {
"$ref": "#/definitions/UrlRewrite",
"description": "The spec to modify the URL of the request, before forwarding the request to the matched service. urlRewrite is the only action supported in UrlMaps for classic Application Load Balancers. Not supported when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
},
"weightedBackendServices": {
"description": "A list of weighted backend services to send traffic to when a route match occurs. The weights determine the fraction of traffic that flows to their corresponding backend service. If all traffic needs to go to a single backend service, there must be one weightedBackendService with weight set to a non-zero number. After a backend service is identified and before forwarding the request to the backend service, advanced routing actions such as URL rewrites and header transformations are applied depending on additional settings specified in this HttpRouteAction.",
"items": {
"$ref": "#/definitions/WeightedBackendService"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpRouteAction",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpRouteRule

{
"description": "The HttpRouteRule setting specifies how to match an HTTP request and the corresponding routing action that load balancing proxies perform.",
"properties": {
"description": {
"description": "The short description conveying the intent of this routeRule. The description can have a maximum length of 1024 characters.",
"type": "string"
},
"headerAction": {
"$ref": "#/definitions/HttpHeaderAction",
"description": "Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction value specified here is applied before the matching pathMatchers[].headerAction and after pathMatchers[].routeRules[].routeAction.weightedBackendService.backendServiceWeightAction[].headerAction. HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
},
"matchRules": {
"description": "The list of criteria for matching attributes of a request to this routeRule. This list has OR semantics: the request matches this routeRule when any of the matchRules are satisfied. However predicates within a given matchRule have AND semantics. All predicates within a matchRule must match for the request to match the rule.",
"items": {
"$ref": "#/definitions/HttpRouteRuleMatch"
},
"type": "array"
},
"priority": {
"description": "For routeRules within a given pathMatcher, priority determines the order in which a load balancer interprets routeRules. RouteRules are evaluated in order of priority, from the lowest to highest number. The priority of a rule decreases as its number increases (1, 2, 3, N+1). The first rule that matches the request is applied. You cannot configure two or more routeRules with the same priority. Priority for each rule must be set to a number from 0 to 2147483647 inclusive. Priority numbers can have gaps, which enable you to add or remove rules in the future without affecting the rest of the rules. For example, 1, 2, 3, 4, 5, 9, 12, 16 is a valid series of priority numbers to which you could add rules numbered from 6 to 8, 10 to 11, and 13 to 15 in the future without any impact on existing rules.",
"type": "integer"
},
"routeAction": {
"$ref": "#/definitions/HttpRouteAction",
"description": "In response to a matching matchRule, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of urlRedirect, service or routeAction.weightedBackendService must be set. URL maps for classic Application Load Balancers only support the urlRewrite action within a route rule's routeAction."
},
"service": {
"description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set.",
"type": "string"
},
"urlRedirect": {
"$ref": "#/definitions/HttpRedirectAction",
"description": "When this rule is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpRouteRule",
"modUri": "tmod:@turbot/gcp-network"
}
}

HttpRouteRuleMatch

{
"description": "HttpRouteRuleMatch specifies a set of criteria for matching requests to an HttpRouteRule. All specified criteria must be satisfied for a match to occur.",
"properties": {
"fullPathMatch": {
"description": "For satisfying the matchRule condition, the path of the request must exactly match the value specified in fullPathMatch after removing any query parameters and anchor that may be part of the original URL. fullPathMatch must be from 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified.",
"type": "string"
},
"headerMatches": {
"description": "Specifies a list of header match criteria, all of which must match corresponding headers in the request.",
"items": {
"$ref": "#/definitions/HttpHeaderMatch"
},
"type": "array"
},
"ignoreCase": {
"description": "Specifies that prefixMatch and fullPathMatch matches are case sensitive. The default value is false. ignoreCase must not be used with regexMatch. Not supported when the URL map is bound to a target gRPC proxy.",
"type": "boolean"
},
"metadataFilters": {
"description": "Opaque filter criteria used by the load balancer to restrict routing configuration to a limited set of xDS compliant clients. In their xDS requests to the load balancer, xDS clients present node metadata. When there is a match, the relevant routing configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. If multiple metadata filters are specified, all of them need to be satisfied in order to be considered a match. metadataFilters specified here is applied after those specified in ForwardingRule that refers to the UrlMap this HttpRouteRuleMatch belongs to. metadataFilters only applies to load balancers that have loadBalancingScheme set to INTERNAL_SELF_MANAGED. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
"items": {
"$ref": "#/definitions/MetadataFilter"
},
"type": "array"
},
"pathTemplateMatch": {
"description": "If specified, the route is a pattern match expression that must match the :path header once the query string is removed. A pattern match allows you to match - The value must be between 1 and 1024 characters - The pattern must start with a leading slash (\"/\") - There may be no more than 5 operators in pattern Precisely one of prefix_match, full_path_match, regex_match or path_template_match must be set.",
"type": "string"
},
"prefixMatch": {
"description": "For satisfying the matchRule condition, the request's path must begin with the specified prefixMatch. prefixMatch must begin with a /. The value must be from 1 to 1024 characters. Only one of prefixMatch, fullPathMatch or regexMatch must be specified.",
"type": "string"
},
"queryParameterMatches": {
"description": "Specifies a list of query parameter match criteria, all of which must match corresponding query parameters in the request. Not supported when the URL map is bound to a target gRPC proxy.",
"items": {
"$ref": "#/definitions/HttpQueryParameterMatch"
},
"type": "array"
},
"regexMatch": {
"description": "For satisfying the matchRule condition, the path of the request must satisfy the regular expression specified in regexMatch after removing any query parameters and anchor supplied with the original URL. For more information about regular expression syntax, see Syntax. Only one of prefixMatch, fullPathMatch or regexMatch must be specified. Regular expressions can only be used when the loadBalancingScheme is set to INTERNAL_SELF_MANAGED.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/HttpRouteRuleMatch",
"modUri": "tmod:@turbot/gcp-network"
}
}

Int64RangeMatch

{
"description": "HttpRouteRuleMatch criteria for field values that must stay within the specified integer range.",
"properties": {
"rangeEnd": {
"description": "The end of the range (exclusive) in signed long integer format.",
"type": "string"
},
"rangeStart": {
"description": "The start of the range (inclusive) in signed long integer format.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Int64RangeMatch",
"modUri": "tmod:@turbot/gcp-network"
}
}

interconnect

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/interconnectName"
},
"state": {
"$ref": "#/definitions/interconnectStatus"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/interconnectAka"
}
},
"title": {
"$ref": "#/definitions/interconnectName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"tests": [
{
"description": "all details provided",
"input": {
"name": "tes01",
"turbot": {
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489"
}
}
}
}
},
{
"description": "invalid - name property is missing",
"input": {
"turbot": {
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489"
}
}
}
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/interconnect",
"modUri": "tmod:@turbot/gcp-network"
}
}

Interconnect

{
"description": "Represents an Interconnect resource. An Interconnect resource is a dedicated connection between the Google Cloud network and your on-premises network. For more information, read the Dedicated Interconnect Overview.",
"properties": {
"adminEnabled": {
"description": "Administrative status of the interconnect. When this is set to true, the Interconnect is functional and can carry traffic. When set to false, no packets can be carried over the interconnect and no BGP routes are exchanged over it. By default, the status is set to true.",
"type": "boolean"
},
"availableFeatures": {
"description": "[Output only] List of features available for this Interconnect connection, which can take one of the following values: - MACSEC If present then the Interconnect connection is provisioned on MACsec capable hardware ports. If not present then the Interconnect connection is provisioned on non-MACsec capable ports and MACsec isn't supported and enabling MACsec fails.",
"items": {
"enum": [
"IF_MACSEC"
],
"type": "string"
},
"type": "array"
},
"circuitInfos": {
"description": "[Output Only] A list of CircuitInfo objects, that describe the individual circuits in this LAG.",
"items": {
"$ref": "#/definitions/InterconnectCircuitInfo"
},
"type": "array"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"customerName": {
"description": "Customer name, to put in the Letter of Authorization as the party authorized to request a crossconnect.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"expectedOutages": {
"description": "[Output Only] A list of outages expected for this Interconnect.",
"items": {
"$ref": "#/definitions/InterconnectOutageNotification"
},
"type": "array"
},
"googleIpAddress": {
"description": "[Output Only] IP address configured on the Google side of the Interconnect link. This can be used only for ping tests.",
"type": "string"
},
"googleReferenceId": {
"description": "[Output Only] Google reference ID to be used when raising support tickets with Google or otherwise to debug backend connectivity issues.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"interconnectAttachments": {
"description": "[Output Only] A list of the URLs of all InterconnectAttachments configured to use this Interconnect.",
"items": {
"type": "string"
},
"type": "array"
},
"interconnectType": {
"description": "Type of interconnect, which can take one of the following values: - PARTNER: A partner-managed interconnection shared between customers through a partner. - DEDICATED: A dedicated physical interconnection with the customer. Note that a value IT_PRIVATE has been deprecated in favor of DEDICATED.",
"enum": [
"DEDICATED",
"IT_PRIVATE",
"PARTNER"
],
"type": "string"
},
"kind": {
"default": "compute#interconnect",
"description": "[Output Only] Type of the resource. Always compute#interconnect for interconnects.",
"type": "string"
},
"labelFingerprint": {
"description": "A fingerprint for the labels being applied to this Interconnect, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an Interconnect.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
"type": "object"
},
"linkType": {
"description": "Type of link requested, which can take one of the following values: - LINK_TYPE_ETHERNET_10G_LR: A 10G Ethernet with LR optics - LINK_TYPE_ETHERNET_100G_LR: A 100G Ethernet with LR optics. Note that this field indicates the speed of each of the links in the bundle, not the speed of the entire bundle.",
"enum": [
"LINK_TYPE_ETHERNET_100G_LR",
"LINK_TYPE_ETHERNET_10G_LR"
],
"type": "string"
},
"location": {
"description": "URL of the InterconnectLocation object that represents where this connection is to be provisioned.",
"type": "string"
},
"macsec": {
"$ref": "#/definitions/InterconnectMacsec",
"description": "Configuration that enables Media Access Control security (MACsec) on the Cloud Interconnect connection between Google and your on-premises router."
},
"macsecEnabled": {
"description": "Enable or disable MACsec on this Interconnect connection. MACsec enablement fails if the MACsec object is not specified.",
"type": "boolean"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"nocContactEmail": {
"description": "Email address to contact the customer NOC for operations and maintenance notifications regarding this Interconnect. If specified, this will be used for notifications in addition to all other forms described, such as Cloud Monitoring logs alerting and Cloud Notifications. This field is required for users who sign up for Cloud Interconnect using workforce identity federation.",
"type": "string"
},
"operationalStatus": {
"description": "[Output Only] The current status of this Interconnect's functionality, which can take one of the following values: - OS_ACTIVE: A valid Interconnect, which is turned up and is ready to use. Attachments may be provisioned on this Interconnect. - OS_UNPROVISIONED: An Interconnect that has not completed turnup. No attachments may be provisioned on this Interconnect. - OS_UNDER_MAINTENANCE: An Interconnect that is undergoing internal maintenance. No attachments may be provisioned or updated on this Interconnect. ",
"enum": [
"OS_ACTIVE",
"OS_UNPROVISIONED"
],
"type": "string"
},
"peerIpAddress": {
"description": "[Output Only] IP address configured on the customer side of the Interconnect link. The customer should configure this IP address during turnup when prompted by Google NOC. This can be used only for ping tests.",
"type": "string"
},
"provisionedLinkCount": {
"description": "[Output Only] Number of links actually provisioned in this interconnect.",
"type": "integer"
},
"remoteLocation": {
"description": "Indicates that this is a Cross-Cloud Interconnect. This field specifies the location outside of Google's network that the interconnect is connected to.",
"type": "string"
},
"requestedFeatures": {
"description": "Optional. List of features requested for this Interconnect connection, which can take one of the following values: - MACSEC If specified then the connection is created on MACsec capable hardware ports. If not specified, the default value is false, which allocates non-MACsec capable ports first if available. This parameter can be provided only with Interconnect INSERT. It isn't valid for Interconnect PATCH.",
"items": {
"enum": [
"IF_MACSEC"
],
"type": "string"
},
"type": "array"
},
"requestedLinkCount": {
"description": "Target number of physical links in the link bundle, as requested by the customer.",
"type": "integer"
},
"satisfiesPzs": {
"description": "[Output Only] Reserved for future use.",
"type": "boolean"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"state": {
"description": "[Output Only] The current state of Interconnect functionality, which can take one of the following values: - ACTIVE: The Interconnect is valid, turned up and ready to use. Attachments may be provisioned on this Interconnect. - UNPROVISIONED: The Interconnect has not completed turnup. No attachments may be provisioned on this Interconnect. - UNDER_MAINTENANCE: The Interconnect is undergoing internal maintenance. No attachments may be provisioned or updated on this Interconnect. ",
"enum": [
"ACTIVE",
"UNPROVISIONED"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Interconnect",
"modUri": "tmod:@turbot/gcp-network"
}
}

interconnectAka

{
"addressAka": null,
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/global/interconnects/[a-z]([-a-z0-9]*[a-z0-9]){1,63}$",
"tests": [
{
"description": "base case",
"input": "gcp://compute.googleapis.com/projects/cse-legolas-2/global/interconnects/test01"
},
{
"description": "invalid - invalid region name",
"input": "gcp://compute.googleapis.com/projects/cse-legolas-2/globaadasdascl/interconnects/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/interconnectAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

InterconnectCircuitInfo

{
"description": "Describes a single physical circuit between the Customer and Google. CircuitInfo objects are created by Google, so all fields are output only.",
"properties": {
"customerDemarcId": {
"description": "Customer-side demarc ID for this circuit.",
"type": "string"
},
"googleCircuitId": {
"description": "Google-assigned unique ID for this circuit. Assigned at circuit turn-up.",
"type": "string"
},
"googleDemarcId": {
"description": "Google-side demarc ID for this circuit. Assigned at circuit turn-up and provided by Google to the customer in the LOA.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/InterconnectCircuitInfo",
"modUri": "tmod:@turbot/gcp-network"
}
}

InterconnectMacsec

{
"description": "Configuration information for enabling Media Access Control security (MACsec) on this Cloud Interconnect connection between Google and your on-premises router.",
"properties": {
"failOpen": {
"description": "If set to true, the Interconnect connection is configured with a should-secure MACsec security policy, that allows the Google router to fallback to cleartext traffic if the MKA session cannot be established. By default, the Interconnect connection is configured with a must-secure security policy that drops all traffic if the MKA session cannot be established with your router.",
"type": "boolean"
},
"preSharedKeys": {
"description": "Required. A keychain placeholder describing a set of named key objects along with their start times. A MACsec CKN/CAK is generated for each key in the key chain. Google router automatically picks the key with the most recent startTime when establishing or re-establishing a MACsec secure link.",
"items": {
"$ref": "#/definitions/InterconnectMacsecPreSharedKey"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/InterconnectMacsec",
"modUri": "tmod:@turbot/gcp-network"
}
}

InterconnectMacsecPreSharedKey

{
"description": "Describes a pre-shared key used to setup MACsec in static connectivity association key (CAK) mode.",
"properties": {
"name": {
"description": "Required. A name for this pre-shared key. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"type": "string"
},
"startTime": {
"description": "A RFC3339 timestamp on or after which the key is valid. startTime can be in the future. If the keychain has a single key, startTime can be omitted. If the keychain has multiple keys, startTime is mandatory for each key. The start times of keys must be in increasing order. The start times of two consecutive keys must be at least 6 hours apart.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/InterconnectMacsecPreSharedKey",
"modUri": "tmod:@turbot/gcp-network"
}
}

interconnectName

{
"type": "string",
"minLength": 1,
"maxLength": 63,
"pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$",
"tests": [
{
"input": "test"
},
{
"input": "testmeplease"
},
{
"input": "a123456789a123456789a123456789a123456789a123456789a123456789a12"
},
{
"description": "invalid - can not start with uppercase",
"input": "Test",
"expected": false
},
{
"description": "invalid - can not contain a special character",
"input": "test@123",
"expected": false
},
{
"description": "invalid - too long",
"input": "a123456789a123456789a123456789a123456789a123456789a123456789a12b",
"expected": false
},
{
"description": "invalid - empty string passed",
"input": "",
"expected": false
},
{
"description": "invalid - cannot end with a hyphen",
"input": "test-",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/interconnectName",
"modUri": "tmod:@turbot/gcp-network"
}
}

InterconnectOutageNotification

{
"description": "Description of a planned outage on this Interconnect.",
"properties": {
"affectedCircuits": {
"description": "If issue_type is IT_PARTIAL_OUTAGE, a list of the Google-side circuit IDs that will be affected.",
"items": {
"type": "string"
},
"type": "array"
},
"description": {
"description": "A description about the purpose of the outage.",
"type": "string"
},
"endTime": {
"description": "Scheduled end time for the outage (milliseconds since Unix epoch).",
"type": "string"
},
"issueType": {
"description": "Form this outage is expected to take, which can take one of the following values: - OUTAGE: The Interconnect may be completely out of service for some or all of the specified window. - PARTIAL_OUTAGE: Some circuits comprising the Interconnect as a whole should remain up, but with reduced bandwidth. Note that the versions of this enum prefixed with \"IT_\" have been deprecated in favor of the unprefixed values.",
"enum": [
"IT_OUTAGE",
"IT_PARTIAL_OUTAGE",
"OUTAGE",
"PARTIAL_OUTAGE"
],
"type": "string"
},
"name": {
"description": "Unique identifier for this outage notification.",
"type": "string"
},
"source": {
"description": "The party that generated this notification, which can take the following value: - GOOGLE: this notification was generated by Google. Note that the value of NSRC_GOOGLE has been deprecated in favor of GOOGLE.",
"enum": [
"GOOGLE",
"NSRC_GOOGLE"
],
"type": "string"
},
"startTime": {
"description": "Scheduled start time for the outage (milliseconds since Unix epoch).",
"type": "string"
},
"state": {
"description": "State of this notification, which can take one of the following values: - ACTIVE: This outage notification is active. The event could be in the past, present, or future. See start_time and end_time for scheduling. - CANCELLED: The outage associated with this notification was cancelled before the outage was due to start. - COMPLETED: The outage associated with this notification is complete. Note that the versions of this enum prefixed with \"NS_\" have been deprecated in favor of the unprefixed values.",
"enum": [
"ACTIVE",
"CANCELLED",
"COMPLETED",
"NS_ACTIVE",
"NS_CANCELED"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/InterconnectOutageNotification",
"modUri": "tmod:@turbot/gcp-network"
}
}

interconnectStatus

{
"type": "string",
"enum": [
"PROVISIONED",
"UNPROVISIONED"
],
"tests": [
{
"input": "PROVISIONED"
},
{
"input": "UNPROVISIONED"
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/interconnectStatus",
"modUri": "tmod:@turbot/gcp-network"
}
}

ipAddress

{
"type": "string",
"pattern": "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$",
"tests": [
{
"input": "192.32.43.3"
},
{
"description": "invalid - empty string",
"input": "",
"expected": false
},
{
"description": "invalid - length greater than default",
"input": "192.33.45.1234",
"expected": false
},
{
"description": "invalid - symbols/special character/character not allowed",
"input": "1@2.a4/23.4",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/ipAddress",
"modUri": "tmod:@turbot/gcp-network"
}
}

ipv4CidrBlock

{
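"description": "An IPv4 CIDR block. The pattern checks the textual shape only: octets above 255 and prefix lengths above 32 still match, so consumers that need a valid range must check the values separately.",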
"type": "string",
"pattern": "^[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}/[0-9]{1,2}$",
"tests": [
{
"description": "all zero octets and prefix.",
"input": "0.0.0.0/0"
},
{
"description": "invalid - missing first octet",
"input": "0.0.0/0",
"expected": false
},
{
"description": "invalid - missing prefix",
"input": "0.0.0.0/",
"expected": false
},
{
"description": "invalid - prefix too many digits",
"input": "0.0.0.0/123",
"expected": false
},
{
"description": "invalid - octet too many digits",
"input": "1234.0.0.0/0",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/ipv4CidrBlock",
"modUri": "tmod:@turbot/gcp-network"
}
}

LogConfig

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"cloudAudit": {
"$ref": "#/definitions/LogConfigCloudAuditOptions",
"description": "This is deprecated and has no effect. Do not use."
},
"counter": {
"$ref": "#/definitions/LogConfigCounterOptions",
"description": "This is deprecated and has no effect. Do not use."
},
"dataAccess": {
"$ref": "#/definitions/LogConfigDataAccessOptions",
"description": "This is deprecated and has no effect. Do not use."
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/LogConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

LogConfigCloudAuditOptions

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"authorizationLoggingOptions": {
"$ref": "#/definitions/AuthorizationLoggingOptions",
"description": "This is deprecated and has no effect. Do not use."
},
"logName": {
"description": "This is deprecated and has no effect. Do not use.",
"enum": [
"ADMIN_ACTIVITY",
"DATA_ACCESS",
"UNSPECIFIED_LOG_NAME"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/LogConfigCloudAuditOptions",
"modUri": "tmod:@turbot/gcp-network"
}
}

LogConfigCounterOptions

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"customFields": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"$ref": "#/definitions/LogConfigCounterOptionsCustomField"
},
"type": "array"
},
"field": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "string"
},
"metric": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/LogConfigCounterOptions",
"modUri": "tmod:@turbot/gcp-network"
}
}

LogConfigCounterOptionsCustomField

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"name": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "string"
},
"value": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/LogConfigCounterOptionsCustomField",
"modUri": "tmod:@turbot/gcp-network"
}
}

LogConfigDataAccessOptions

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"logMode": {
"description": "This is deprecated and has no effect. Do not use.",
"enum": [
"LOG_FAIL_CLOSED",
"LOG_MODE_UNSPECIFIED"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/LogConfigDataAccessOptions",
"modUri": "tmod:@turbot/gcp-network"
}
}

MetadataFilter

{
"description": "Opaque filter criteria used by load balancers to restrict routing configuration to a limited set of load balancing proxies. Proxies and sidecars involved in load balancing would typically present metadata to the load balancers that need to match criteria specified here. If a match takes place, the relevant configuration is made available to those proxies. For each metadataFilter in this list, if its filterMatchCriteria is set to MATCH_ANY, at least one of the filterLabels must match the corresponding label provided in the metadata. If its filterMatchCriteria is set to MATCH_ALL, then all of its filterLabels must match with corresponding labels provided in the metadata. An example for using metadataFilters would be: if load balancing involves Envoys, they receive routing configuration when values in metadataFilters match values supplied in their XDS requests to load balancers.",
"properties": {
"filterLabels": {
"description": "The list of label value pairs that must match labels in the provided metadata based on filterMatchCriteria. This list must not be empty and can have at most 64 entries.",
"items": {
"$ref": "#/definitions/MetadataFilterLabelMatch"
},
"type": "array"
},
"filterMatchCriteria": {
"description": "Specifies how individual filter label matches within the list of filterLabels contribute toward the overall metadataFilter match. Supported values are: - MATCH_ANY: at least one of the filterLabels must have a matching label in the provided metadata. - MATCH_ALL: all filterLabels must have matching labels in the provided metadata.",
"enum": [
"MATCH_ALL",
"MATCH_ANY",
"NOT_SET"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/MetadataFilter",
"modUri": "tmod:@turbot/gcp-network"
}
}

MetadataFilterLabelMatch

{
"description": "MetadataFilter label name value pairs that are expected to match corresponding labels presented as metadata to the load balancer.",
"properties": {
"name": {
"description": "Name of metadata label. The name can have a maximum length of 1024 characters and must be at least 1 character long.",
"type": "string"
},
"value": {
"description": "The value of the label must match the specified value. value can have a maximum length of 1024 characters.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/MetadataFilterLabelMatch",
"modUri": "tmod:@turbot/gcp-network"
}
}

network

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"IPv4Range": {
"$ref": "#/definitions/ipv4CidrBlock"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/networkAka"
}
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "tes01",
"turbot": {
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489"
}
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"turbot": {
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "tes01"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/network",
"modUri": "tmod:@turbot/gcp-network"
}
}

Network

{
"description": "Represents a VPC Network resource. Networks connect resources to each other and to the internet. For more information, read Virtual Private Cloud (VPC) Network.",
"properties": {
"IPv4Range": {
"deprecated": true,
"description": "Deprecated in favor of subnet mode networks. The range of internal addresses that are legal on this network. This range is a CIDR specification, for example: 192.168.0.0/16. Provided by the client when the network is created.",
"pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}/[0-9]{1,2}",
"type": "string"
},
"autoCreateSubnetworks": {
"description": "Must be set to create a VPC network. If not set, a legacy network is created. When set to true, the VPC network is created in auto mode. When set to false, the VPC network is created in custom mode. An auto mode VPC network starts with one subnet per region. Each subnet has a predetermined range as described in Auto mode VPC network IP ranges. For custom mode VPC networks, you can add subnets using the subnetworks insert method.",
"type": "boolean"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this field when you create the resource.",
"type": "string"
},
"enableUlaInternalIpv6": {
"description": "Enable ULA internal IPv6 on this network. Enabling this feature will assign a /48 from the Google-defined ULA prefix fd20::/20.",
"type": "boolean"
},
"firewallPolicy": {
"description": "[Output Only] URL of the firewall policy the network is associated with.",
"type": "string"
},
"gatewayIPv4": {
"description": "[Output Only] The gateway address for default routing out of the network, selected by Google Cloud.",
"pattern": "[0-9]{1,3}(?:\\.[0-9]{1,3}){3}",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"internalIpv6Range": {
"description": "When enabling ULA internal IPv6, the caller can optionally specify the /48 range they want from the Google-defined ULA prefix fd20::/20. The input must be a valid /48 ULA IPv6 address and must be within fd20::/20. The operation will fail if the specified /48 is already in use by another resource. If the field is not specified, then a /48 range will be randomly allocated from fd20::/20 and returned via this field.",
"type": "string"
},
"kind": {
"default": "compute#network",
"description": "[Output Only] Type of the resource. Always compute#network for networks.",
"type": "string"
},
"mtu": {
"description": "Maximum Transmission Unit in bytes. The minimum value for this field is 1300 and the maximum value is 8896. The suggested value is 1500, which is the default MTU used on the Internet, or 8896 if you want to use Jumbo frames. If unspecified, the value defaults to 1460.",
"type": "integer"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit. Note that this property's schema pattern is written without ^ and $ anchors, so a validator that applies it as an unanchored search accepts any string containing a conforming substring and does not by itself enforce these rules.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"networkFirewallPolicyEnforcementOrder": {
"description": "The network firewall policy enforcement order. Can be either AFTER_CLASSIC_FIREWALL or BEFORE_CLASSIC_FIREWALL. Defaults to AFTER_CLASSIC_FIREWALL if the field is not specified.",
"enum": [
"AFTER_CLASSIC_FIREWALL",
"BEFORE_CLASSIC_FIREWALL"
],
"type": "string"
},
"peerings": {
"description": "[Output Only] A list of network peerings for the resource.",
"items": {
"$ref": "#/definitions/NetworkPeering"
},
"type": "array"
},
"routingConfig": {
"$ref": "#/definitions/NetworkRoutingConfig",
"description": "The network-level routing configuration for this network. Used by Cloud Router to determine what type of network-wide routing behavior to enforce."
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"selfLinkWithId": {
"description": "[Output Only] Server-defined URL for this resource with the resource id.",
"type": "string"
},
"subnetworks": {
"description": "[Output Only] Server-defined fully-qualified URLs for all subnetworks in this VPC network.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Network",
"modUri": "tmod:@turbot/gcp-network"
}
}

networkAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/global/networks/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"description": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/networks/test01"
},
{
"description": "invalid - project ID too short",
"input": "gcp://compute.googleapis.com/projects/bad/global/networks/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/networkAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

networkName

{
"type": "string",
"pattern": "^projects/[0-9]{1,12}/services/servicenetworking.googleapis.com$",
"tests": [
{
"description": "base",
"input": "projects/932405488407/services/servicenetworking.googleapis.com"
},
{
"description": "invalid name",
"input": "projects/cse-legolas-2/services/iam.googleapis.com",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/networkName",
"modUri": "tmod:@turbot/gcp-network"
}
}

NetworkPeering

{
"description": "A network peering attached to a network resource. The message includes the peering name, peer network, peering state, and a flag indicating whether Google Compute Engine should automatically create routes for the peering.",
"properties": {
"autoCreateRoutes": {
"description": "This field will be deprecated soon. Use the exchange_subnet_routes field instead. Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
"type": "boolean"
},
"exchangeSubnetRoutes": {
"description": "Indicates whether full mesh connectivity is created and managed automatically between peered networks. Currently this field should always be true since Google Compute Engine will automatically create and manage subnetwork routes between two networks when peering state is ACTIVE.",
"type": "boolean"
},
"exportCustomRoutes": {
"description": "Whether to export the custom routes to peer network. The default value is false.",
"type": "boolean"
},
"exportSubnetRoutesWithPublicIp": {
"description": "Whether subnet routes with public IP range are exported. The default value is true, all subnet routes are exported. IPv4 special-use ranges are always exported to peers and are not controlled by this field.",
"type": "boolean"
},
"importCustomRoutes": {
"description": "Whether to import the custom routes from peer network. The default value is false.",
"type": "boolean"
},
"importSubnetRoutesWithPublicIp": {
"description": "Whether subnet routes with public IP range are imported. The default value is false. IPv4 special-use ranges are always imported from peers and are not controlled by this field.",
"type": "boolean"
},
"name": {
"description": "Name of this peering. Provided by the client when the peering is created. The name must comply with RFC1035. Specifically, the name must be 1-63 characters long and match regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all the following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"type": "string"
},
"network": {
"description": "The URL of the peer network. It can be either full URL or partial URL. The peer network may belong to a different project. If the partial URL does not contain project, it is assumed that the peer network is in the same project as the current network.",
"type": "string"
},
"peerMtu": {
"description": "Maximum Transmission Unit in bytes.",
"type": "integer"
},
"stackType": {
"description": "Which IP version(s) of traffic and routes are allowed to be imported or exported between peer networks. The default value is IPV4_ONLY.",
"enum": [
"IPV4_IPV6",
"IPV4_ONLY"
],
"type": "string"
},
"state": {
"description": "[Output Only] State for the peering, either `ACTIVE` or `INACTIVE`. The peering is `ACTIVE` when there's a matching configuration in the peer network.",
"enum": [
"ACTIVE",
"INACTIVE"
],
"type": "string"
},
"stateDetails": {
"description": "[Output Only] Details about the current state of the peering.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/NetworkPeering",
"modUri": "tmod:@turbot/gcp-network"
}
}

NetworkRoutingConfig

{
"description": "A routing configuration attached to a network resource. The message includes the list of routers associated with the network, and a flag indicating the type of routing behavior to enforce network-wide.",
"properties": {
"routingMode": {
"description": "The network-wide routing mode to use. If set to REGIONAL, this network's Cloud Routers will only advertise routes with subnets of this network in the same region as the router. If set to GLOBAL, this network's Cloud Routers will advertise routes with all subnets of this network, across regions.",
"enum": [
"GLOBAL",
"REGIONAL"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/NetworkRoutingConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

networkService

{
"type": "object",
"properties": {
"state": {
"$ref": "gcp#/definitions/state"
},
"name": {
"$ref": "#/definitions/networkName"
},
"config": {
"type": "object"
},
"parent": {
"type": "string"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/networkServiceAka"
}
},
"title": {
"type": "string"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
}
}
}
}
}
},
"required": [
"name"
],
"tests": [
{
"description": "Valid - base test",
"input": {
"name": "projects/932405488407/services/servicenetworking.googleapis.com",
"turbot": {
"akas": [
"gcp://serviceusage.googleapis.com/projects/932405488407/services/servicenetworking.googleapis.com"
],
"title": "Service Networking API",
"custom": {
"gcp": {
"projectId": "cse-legolas-2"
}
}
}
}
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/networkService",
"modUri": "tmod:@turbot/gcp-network"
}
}

networkServiceAka

{
"type": "string",
"pattern": "^gcp://serviceusage.googleapis.com/projects/[0-9]{12}/services/servicenetworking.googleapis.com",
"tests": [
{
"description": "base",
"input": "gcp://serviceusage.googleapis.com/projects/932405488407/services/servicenetworking.googleapis.com"
},
{
"description": "invalid aka",
"input": "gcp://serviceusage.googleapis.com/projects/cse-legolas-2/services/iam.googleapis.com",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/networkServiceAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

networkServiceNow

{
"defaultColumns": {
"auto_create_subnetworks": {
"column": "enabled",
"type": "boolean"
},
"creation_timestamp": {
"column": "enabled"
},
"description": {
"column": "enabled"
},
"gateway_ipv4": {
"column": "enabled",
"label": "Gateway IPv4",
"path": "data.gatewayIPv4"
},
"id": {
"column": "enabled",
"label": "ID"
},
"ipv4_range": {
"column": "enabled",
"label": "IPv4 Range",
"path": "data.IPv4Range"
},
"kind": {
"column": "enabled"
},
"mtu": {
"column": "enabled",
"label": "MTU"
},
"network_name": {
"column": "enabled",
"label": "Network Name",
"path": "data.name"
},
"peerings": {
"column": "enabled",
"type": "string",
"size": 1000
},
"project": {
"column": "enabled",
"type": "string",
"path": "metadata.gcp.projectId"
},
"routing_mode": {
"column": "enabled",
"path": "data.routingConfig.routingMode"
},
"self_link": {
"column": "enabled"
},
"subnetworks": {
"column": "enabled",
"type": "string",
"size": 1000
}
},
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/networkServiceNow",
"modUri": "tmod:@turbot/gcp-network"
}
}

networkServiceSupportedRegions

{
"type": "array",
"items": {
"$ref": "#/definitions/regionName"
},
"minItems": 1,
"example": [
[
"us-west1",
"us-west2"
]
],
"default": [
"asia-east1",
"asia-northeast1",
"asia-south1",
"asia-southeast1",
"australia-southeast1",
"europe-north1",
"europe-west1",
"europe-west2",
"europe-west3",
"europe-west4",
"europe-west6",
"northamerica-northeast1",
"southamerica-east1",
"us-central1",
"us-east1",
"us-east4",
"us-west1",
"us-west2"
],
"tests": [
{
"description": "one region",
"input": [
"us-east1"
]
},
{
"description": "all supported regions",
"input": [
"asia-east1",
"asia-northeast1",
"asia-south1",
"asia-southeast1",
"australia-southeast1",
"europe-north1",
"europe-west1",
"europe-west2",
"europe-west3",
"europe-west4",
"europe-west6",
"northamerica-northeast1",
"southamerica-east1",
"us-central1",
"us-east1",
"us-east4",
"us-west1",
"us-west2"
]
},
{
"description": "invalid - no regions",
"input": [],
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/networkServiceSupportedRegions",
"modUri": "tmod:@turbot/gcp-network"
}
}

OutlierDetection

{
"description": "Settings controlling the eviction of unhealthy hosts from the load balancing pool for the backend service.",
"properties": {
"baseEjectionTime": {
"$ref": "#/definitions/Duration",
"description": "The base time that a backend endpoint is ejected for. After a backend endpoint is returned back to the load balancing pool, it can be ejected again in another ejection analysis. Thus, the total ejection time is equal to the base ejection time multiplied by the number of times the backend endpoint has been ejected. Defaults to 30000ms or 30s."
},
"consecutiveErrors": {
"description": "Number of consecutive errors before a backend endpoint is ejected from the load balancing pool. When the backend endpoint is accessed over HTTP, a 5xx return code qualifies as an error. Defaults to 5.",
"type": "integer"
},
"consecutiveGatewayFailure": {
"description": "The number of consecutive gateway failures (502, 503, 504 status or connection errors that are mapped to one of those status codes) before a consecutive gateway failure ejection occurs. Defaults to 3.",
"type": "integer"
},
"enforcingConsecutiveErrors": {
"description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive 5xx. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 0.",
"type": "integer"
},
"enforcingConsecutiveGatewayFailure": {
"description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through consecutive gateway failures. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.",
"type": "integer"
},
"enforcingSuccessRate": {
"description": "The percentage chance that a backend endpoint will be ejected when an outlier status is detected through success rate statistics. This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
"type": "integer"
},
"interval": {
"$ref": "#/definitions/Duration",
"description": "Time interval between ejection analysis sweeps. This can result in both new ejections and backend endpoints being returned to service. The interval is equal to the number of seconds as defined in outlierDetection.interval.seconds plus the number of nanoseconds as defined in outlierDetection.interval.nanos. Defaults to 1 second."
},
"maxEjectionPercent": {
"description": "Maximum percentage of backend endpoints in the load balancing pool for the backend service that can be ejected if the ejection conditions are met. Defaults to 50%.",
"type": "integer"
},
"successRateMinimumHosts": {
"description": "The number of backend endpoints in the load balancing pool that must have enough request volume to detect success rate outliers. If the number of backend endpoints is fewer than this setting, outlier detection via success rate statistics is not performed for any backend endpoint in the load balancing pool. Defaults to 5. Not supported when the backend service uses Serverless NEG.",
"type": "integer"
},
"successRateRequestVolume": {
"description": "The minimum number of total requests that must be collected in one interval (as defined by the interval duration above) to include this backend endpoint in success rate based outlier detection. If the volume is lower than this setting, outlier detection via success rate statistics is not performed for that backend endpoint. Defaults to 100. Not supported when the backend service uses Serverless NEG.",
"type": "integer"
},
"successRateStdevFactor": {
"description": "This factor is used to determine the ejection threshold for success rate outlier ejection. The ejection threshold is the difference between the mean success rate, and the product of this factor and the standard deviation of the mean success rate: mean - (stdev * successRateStdevFactor). This factor is divided by a thousand to get a double. That is, if the desired factor is 1.9, the runtime value should be 1900. Defaults to 1900. Not supported when the backend service uses Serverless NEG.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/OutlierDetection",
"modUri": "tmod:@turbot/gcp-network"
}
}

PacketMirroring

{
"description": "Represents a Packet Mirroring resource. Packet Mirroring clones the traffic of specified instances in your Virtual Private Cloud (VPC) network and forwards it to a collector destination, such as an instance group of an internal TCP/UDP load balancer, for analysis or examination. For more information about setting up Packet Mirroring, see Using Packet Mirroring.",
"properties": {
"collectorIlb": {
"$ref": "#/definitions/PacketMirroringForwardingRuleInfo",
"description": "The Forwarding Rule resource of type loadBalancingScheme=INTERNAL that will be used as collector for mirrored traffic. The specified forwarding rule must have isMirroringCollector set to true."
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"enable": {
"description": "Indicates whether or not this packet mirroring takes effect. If set to FALSE, this packet mirroring policy will not be enforced on the network. The default is TRUE.",
"enum": [
"FALSE",
"TRUE"
],
"type": "string"
},
"filter": {
"$ref": "#/definitions/PacketMirroringFilter",
"description": "Filter for mirrored traffic. If unspecified, all traffic is mirrored."
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#packetMirroring",
"description": "[Output Only] Type of the resource. Always compute#packetMirroring for packet mirrorings.",
"type": "string"
},
"mirroredResources": {
"$ref": "#/definitions/PacketMirroringMirroredResourceInfo",
"description": "PacketMirroring mirroredResourceInfos. MirroredResourceInfo specifies a set of mirrored VM instances, subnetworks and/or tags for which traffic from/to all VM instances will be mirrored."
},
"name": {
"description": "Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"$ref": "#/definitions/PacketMirroringNetworkInfo",
"description": "Specifies the mirrored VPC network. Only packets in this network will be mirrored. All mirrored VMs should have a NIC in the given network. All mirrored subnetworks should belong to the given network."
},
"priority": {
"description": "The priority of applying this configuration. Priority is used to break ties in cases where there is more than one matching rule. In the case of two rules that apply for a given Instance, the one with the lowest-numbered priority value wins. Default value is 1000. Valid range is 0 through 65535.",
"type": "integer"
},
"region": {
"description": "[Output Only] URI of the region where the packetMirroring resides.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PacketMirroring",
"modUri": "tmod:@turbot/gcp-network"
}
}

PacketMirroringFilter

{
"properties": {
"IPProtocols": {
"description": "Protocols that apply as filter on mirrored traffic. If no protocols are specified, all traffic that matches the specified CIDR ranges is mirrored. If neither cidrRanges nor IPProtocols is specified, all IPv4 traffic is mirrored.",
"items": {
"type": "string"
},
"type": "array"
},
"cidrRanges": {
"description": "One or more IPv4 or IPv6 CIDR ranges that apply as filter on the source (ingress) or destination (egress) IP in the IP header. If no ranges are specified, all IPv4 traffic that matches the specified IPProtocols is mirrored. If neither cidrRanges nor IPProtocols is specified, all IPv4 traffic is mirrored. To mirror all IPv4 and IPv6 traffic, use \"0.0.0.0/0,::/0\". Note: Support for IPv6 traffic is in preview.",
"items": {
"type": "string"
},
"type": "array"
},
"direction": {
"description": "Direction of traffic to mirror, either INGRESS, EGRESS, or BOTH. The default is BOTH.",
"enum": [
"BOTH",
"EGRESS",
"INGRESS"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PacketMirroringFilter",
"modUri": "tmod:@turbot/gcp-network"
}
}

PacketMirroringForwardingRuleInfo

{
"properties": {
"canonicalUrl": {
"description": "[Output Only] Unique identifier for the forwarding rule; defined by the server.",
"type": "string"
},
"url": {
"description": "Resource URL to the forwarding rule representing the ILB configured as destination of the mirrored traffic.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PacketMirroringForwardingRuleInfo",
"modUri": "tmod:@turbot/gcp-network"
}
}

PacketMirroringMirroredResourceInfo

{
"properties": {
"instances": {
"description": "A set of virtual machine instances that are being mirrored. They must live in zones contained in the same region as this packetMirroring. Note that this config will apply only to those network interfaces of the Instances that belong to the network specified in this packetMirroring. You may specify a maximum of 50 Instances.",
"items": {
"$ref": "#/definitions/PacketMirroringMirroredResourceInfoInstanceInfo"
},
"type": "array"
},
"subnetworks": {
"description": "A set of subnetworks for which traffic from/to all VM instances will be mirrored. They must live in the same region as this packetMirroring. You may specify a maximum of 5 subnetworks.",
"items": {
"$ref": "#/definitions/PacketMirroringMirroredResourceInfoSubnetInfo"
},
"type": "array"
},
"tags": {
"description": "A set of mirrored tags. Traffic from/to all VM instances that have one or more of these tags will be mirrored.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PacketMirroringMirroredResourceInfo",
"modUri": "tmod:@turbot/gcp-network"
}
}

PacketMirroringMirroredResourceInfoInstanceInfo

{
"properties": {
"canonicalUrl": {
"description": "[Output Only] Unique identifier for the instance; defined by the server.",
"type": "string"
},
"url": {
"description": "Resource URL to the virtual machine instance which is being mirrored.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PacketMirroringMirroredResourceInfoInstanceInfo",
"modUri": "tmod:@turbot/gcp-network"
}
}

PacketMirroringMirroredResourceInfoSubnetInfo

{
"properties": {
"canonicalUrl": {
"description": "[Output Only] Unique identifier for the subnetwork; defined by the server.",
"type": "string"
},
"url": {
"description": "Resource URL to the subnetwork for which traffic from/to all VM instances will be mirrored.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PacketMirroringMirroredResourceInfoSubnetInfo",
"modUri": "tmod:@turbot/gcp-network"
}
}

PacketMirroringNetworkInfo

{
"properties": {
"canonicalUrl": {
"description": "[Output Only] Unique identifier for the network; defined by the server.",
"type": "string"
},
"url": {
"description": "URL of the network resource.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PacketMirroringNetworkInfo",
"modUri": "tmod:@turbot/gcp-network"
}
}

PathMatcher

{
"description": "A matcher for the path portion of the URL. The BackendService from the longest-matched rule will serve the URL. If no rule was matched, the default service is used.",
"properties": {
"defaultRouteAction": {
"$ref": "#/definitions/HttpRouteAction",
"description": "defaultRouteAction takes effect when none of the pathRules or routeRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. URL maps for classic Application Load Balancers only support the urlRewrite action within a path matcher's defaultRouteAction."
},
"defaultService": {
"description": "The full or partial URL to the BackendService resource. This URL is used if none of the pathRules or routeRules defined by this PathMatcher are matched. For example, the following are all valid URLs to a BackendService resource: - https://www.googleapis.com/compute/v1/projects/project /global/backendServices/backendService - compute/v1/projects/project/global/backendServices/backendService - global/backendServices/backendService If defaultRouteAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if defaultRouteAction specifies any weightedBackendServices, defaultService must not be specified. Only one of defaultService, defaultUrlRedirect , or defaultRouteAction.weightedBackendService must be set. Authorization requires one or more of the following Google IAM permissions on the specified resource default_service: - compute.backendBuckets.use - compute.backendServices.use ",
"type": "string"
},
"defaultUrlRedirect": {
"$ref": "#/definitions/HttpRedirectAction",
"description": "When none of the specified pathRules or routeRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"headerAction": {
"$ref": "#/definitions/HttpHeaderAction",
"description": "Specifies changes to request and response headers that need to take effect for the selected backend service. HeaderAction specified here are applied after the matching HttpRouteRule HeaderAction and before the HeaderAction in the UrlMap HeaderAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
},
"name": {
"description": "The name to which this PathMatcher is referred by the HostRule.",
"type": "string"
},
"pathRules": {
"description": "The list of path rules. Use this list instead of routeRules when routing based on simple path matching is all that's required. The order by which path rules are specified does not matter. Matches are always done on the longest-path-first basis. For example: a pathRule with a path /a/b/c/* will match before /a/b/* irrespective of the order in which those paths appear in this list. Within a given pathMatcher, only one of pathRules or routeRules must be set.",
"items": {
"$ref": "#/definitions/PathRule"
},
"type": "array"
},
"routeRules": {
"description": "The list of HTTP route rules. Use this list instead of pathRules when advanced route matching and routing actions are desired. routeRules are evaluated in order of priority, from the lowest to highest number. Within a given pathMatcher, you can set only one of pathRules or routeRules.",
"items": {
"$ref": "#/definitions/HttpRouteRule"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PathMatcher",
"modUri": "tmod:@turbot/gcp-network"
}
}

PathRule

{
"description": "A path-matching rule for a URL. If matched, will use the specified BackendService to handle the traffic arriving at this URL.",
"properties": {
"paths": {
"description": "The list of path patterns to match. Each must start with / and the only place a * is allowed is at the end following a /. The string fed to the path matcher does not include any text after the first ? or #, and those chars are not allowed here.",
"items": {
"type": "string"
},
"type": "array"
},
"routeAction": {
"$ref": "#/definitions/HttpRouteAction",
"description": "In response to a matching path, the load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If routeAction specifies any weightedBackendServices, service must not be set. Conversely if service is set, routeAction cannot contain any weightedBackendServices. Only one of routeAction or urlRedirect must be set. URL maps for classic Application Load Balancers only support the urlRewrite action within a path rule's routeAction."
},
"service": {
"description": "The full or partial URL of the backend service resource to which traffic is directed if this rule is matched. If routeAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if service is specified, routeAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of urlRedirect, service or routeAction.weightedBackendService must be set.",
"type": "string"
},
"urlRedirect": {
"$ref": "#/definitions/HttpRedirectAction",
"description": "When a path pattern is matched, the request is redirected to a URL specified by urlRedirect. If urlRedirect is specified, service or routeAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/PathRule",
"modUri": "tmod:@turbot/gcp-network"
}
}

Policy

{
"description": "An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A `Policy` is a collection of `bindings`. A `binding` binds one or more `members`, or principals, to a single `role`. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A `role` is a named list of permissions; each `role` can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a `binding` can also specify a `condition`, which is a logical expression that allows access to a resource only if the expression evaluates to `true`. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** ``` { \"bindings\": [ { \"role\": \"roles/resourcemanager.organizationAdmin\", \"members\": [ \"user:mike@example.com\", \"group:admins@example.com\", \"domain:google.com\", \"serviceAccount:my-project-id@appspot.gserviceaccount.com\" ] }, { \"role\": \"roles/resourcemanager.organizationViewer\", \"members\": [ \"user:eve@example.com\" ], \"condition\": { \"title\": \"expirable access\", \"description\": \"Does not grant access after Sep 2020\", \"expression\": \"request.time < timestamp('2020-10-01T00:00:00.000Z')\", } } ], \"etag\": \"BwWWja0YfJA=\", \"version\": 3 } ``` **YAML example:** ``` bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 ``` For a description of 
IAM and its features, see the [IAM documentation](https://cloud.google.com/iam/docs/).",
"properties": {
"auditConfigs": {
"description": "Specifies cloud audit logging configuration for this policy.",
"items": {
"$ref": "#/definitions/AuditConfig"
},
"type": "array"
},
"bindings": {
"description": "Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.",
"items": {
"$ref": "#/definitions/Binding"
},
"type": "array"
},
"etag": {
"description": "`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.",
"type": "string"
},
"rules": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"$ref": "#/definitions/Rule"
},
"type": "array"
},
"version": {
"description": "Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Policy",
"modUri": "tmod:@turbot/gcp-network"
}
}

regionBackendService

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/regionBackendServiceAka"
}
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "tes01",
"turbot": {
"custom": {
"gcp": {
"projectId": "my-project",
"regionName": "us-east1"
}
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "southamerica-east1"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "tes01"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/regionBackendService",
"modUri": "tmod:@turbot/gcp-network"
}
}

regionBackendServiceAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/regions/[a-z]{2,9}-[a-z]{2,8}[0-9]/backendServices/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/my-project/regions/us-east1/backendServices/test01"
},
{
"description": "invalid - invalid name",
"input": "gcp://compute.googleapis.com/projects/my-project/regions/us-east1/backendServices/test01-",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/regionBackendServiceAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

regionName

{
"type": "string",
"enum": [
"asia-east1",
"asia-northeast1",
"asia-south1",
"asia-southeast1",
"australia-southeast1",
"europe-north1",
"europe-west1",
"europe-west2",
"europe-west3",
"europe-west4",
"europe-west6",
"northamerica-northeast1",
"southamerica-east1",
"us-central1",
"us-east1",
"us-east4",
"us-west1",
"us-west2"
],
"tests": [
{
"input": "us-east1"
},
{
"description": "invalid - usea1",
"input": "usea1",
"expected": false
},
{
"description": "invalid - north-america-northeast1",
"input": "north-america-northeast1",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/regionName",
"modUri": "tmod:@turbot/gcp-network"
}
}

RequestMirrorPolicy

{
"description": "A policy that specifies how requests intended for the route's backends are shadowed to a separate mirrored backend service. The load balancer doesn't wait for responses from the shadow service. Before sending traffic to the shadow service, the host or authority header is suffixed with -shadow.",
"properties": {
"backendService": {
"description": "The full or partial URL to the BackendService resource being mirrored to. The backend service configured for a mirroring policy must reference backends that are of the same type as the original backend service matched in the URL map. Serverless NEG backends are not currently supported as a mirrored backend service. ",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RequestMirrorPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

resourceName

{
"type": "string",
"pattern": "^[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"minLength": 1,
"maxLength": 63,
"tests": [
{
"input": "test"
},
{
"input": "testmeplease"
},
{
"input": "a123456789a123456789a123456789a123456789a123456789a123456789a12"
},
{
"description": "invalid - can not start with uppercase",
"input": "Test",
"expected": false
},
{
"description": "invalid - can not contain a special character",
"input": "test@123",
"expected": false
},
{
"description": "invalid - too long",
"input": "a123456789a123456789a123456789a123456789a123456789a123456789a12b",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/resourceName",
"modUri": "tmod:@turbot/gcp-network"
}
}

route

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/routeName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/routeAka"
}
},
"title": {
"$ref": "#/definitions/regionName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "testelb",
"turbot": {
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "123-456"
}
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"turbot": {
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "123-456"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "testelb"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/route",
"modUri": "tmod:@turbot/gcp-network"
}
}

Route

{
"description": "Represents a Route resource. A route defines a path from VM instances in the VPC network to a specific destination. This destination can be inside or outside the VPC network. For more information, read the Routes overview.",
"properties": {
"asPaths": {
"description": "[Output Only] AS path.",
"items": {
"$ref": "#/definitions/RouteAsPath"
},
"type": "array"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this field when you create the resource.",
"type": "string"
},
"destRange": {
"description": "The destination range of outgoing packets that this route applies to. Both IPv4 and IPv6 are supported. Must specify an IPv4 range (e.g. 192.0.2.0/24) or an IPv6 range in RFC 4291 format (e.g. 2001:db8::/32). IPv6 range will be displayed using RFC 5952 compressed format.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#route",
"description": "[Output Only] Type of this resource. Always compute#routes for Route resources.",
"type": "string"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?`. The first character must be a lowercase letter, and all following characters (except for the last character) must be a dash, lowercase letter, or digit. The last character must be a lowercase letter or digit.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"description": "Fully-qualified URL of the network that this route applies to.",
"type": "string"
},
"nextHopGateway": {
"description": "The URL to a gateway that should handle matching packets. You can only specify the internet gateway using a full or partial valid URL: projects/ project/global/gateways/default-internet-gateway",
"type": "string"
},
"nextHopHub": {
"description": "[Output Only] The full resource name of the Network Connectivity Center hub that will handle matching packets.",
"type": "string"
},
"nextHopIlb": {
"description": "The URL to a forwarding rule of type loadBalancingScheme=INTERNAL that should handle matching packets or the IP address of the forwarding Rule. For example, the following are all valid URLs: - 10.128.0.56 - https://www.googleapis.com/compute/v1/projects/project/regions/region /forwardingRules/forwardingRule - regions/region/forwardingRules/forwardingRule ",
"type": "string"
},
"nextHopInstance": {
"description": "The URL to an instance that should handle matching packets. You can specify this as a full or partial URL. For example: https://www.googleapis.com/compute/v1/projects/project/zones/zone/instances/",
"type": "string"
},
"nextHopIp": {
"description": "The network IP address of an instance that should handle matching packets. Both IPv6 address and IPv4 addresses are supported. Must specify an IPv4 address in dot-decimal notation (e.g. 192.0.2.99) or an IPv6 address in RFC 4291 format (e.g. 2001:db8::2d9:51:0:0 or 2001:db8:0:0:2d9:51:0:0). IPv6 addresses will be displayed using RFC 5952 compressed format (e.g. 2001:db8::2d9:51:0:0). Should never be an IPv4-mapped IPv6 address.",
"type": "string"
},
"nextHopNetwork": {
"description": "The URL of the local network if it should handle matching packets.",
"type": "string"
},
"nextHopPeering": {
"description": "[Output Only] The network peering name that should handle matching packets, which should conform to RFC1035.",
"type": "string"
},
"nextHopVpnTunnel": {
"description": "The URL to a VpnTunnel that should handle matching packets.",
"type": "string"
},
"priority": {
"description": "The priority of this route. Priority is used to break ties in cases where there is more than one matching route of equal prefix length. In cases where multiple routes have equal prefix length, the one with the lowest-numbered priority value wins. The default value is `1000`. The priority value must be from `0` to `65535`, inclusive.",
"type": "integer"
},
"routeStatus": {
"description": "[Output only] The status of the route.",
"enum": [
"ACTIVE",
"DROPPED",
"INACTIVE",
"PENDING"
],
"type": "string"
},
"routeType": {
"description": "[Output Only] The type of this route, which can be one of the following values: - 'TRANSIT' for a transit route that this router learned from another Cloud Router and will readvertise to one of its BGP peers - 'SUBNET' for a route from a subnet of the VPC - 'BGP' for a route learned from a BGP peer of this router - 'STATIC' for a static route",
"enum": [
"BGP",
"STATIC",
"SUBNET",
"TRANSIT"
],
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined fully-qualified URL for this resource.",
"type": "string"
},
"tags": {
"description": "A list of instance tags to which this route applies.",
"items": {
"type": "string"
},
"type": "array"
},
"warnings": {
"description": "[Output Only] If potential misconfigurations are detected for this route, this field will be populated with warning messages.",
"items": {
"properties": {
"code": {
"description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
"enum": [
"CLEANUP_FAILED",
"DEPRECATED_RESOURCE_USED",
"DEPRECATED_TYPE_USED",
"DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
"EXPERIMENTAL_TYPE_USED",
"EXTERNAL_API_WARNING",
"FIELD_VALUE_OVERRIDEN",
"INJECTED_KERNELS_DEPRECATED",
"INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
"LARGE_DEPLOYMENT_WARNING",
"LIST_OVERHEAD_QUOTA_EXCEED",
"MISSING_TYPE_DEPENDENCY",
"NEXT_HOP_ADDRESS_NOT_ASSIGNED",
"NEXT_HOP_CANNOT_IP_FORWARD",
"NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
"NEXT_HOP_INSTANCE_NOT_FOUND",
"NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
"NEXT_HOP_NOT_RUNNING",
"NOT_CRITICAL_ERROR",
"NO_RESULTS_ON_PAGE",
"PARTIAL_SUCCESS",
"REQUIRED_TOS_AGREEMENT",
"RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
"RESOURCE_NOT_DELETED",
"SCHEMA_VALIDATION_IGNORED",
"SINGLE_INSTANCE_PROPERTY_TEMPLATE",
"UNDECLARED_PROPERTIES",
"UNREACHABLE"
],
"type": "string",
"x-enumDeprecated": [
false,
false,
false,
false,
false,
false,
true,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false
]
},
"data": {
"description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
"items": {
"properties": {
"key": {
"description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
"type": "string"
},
"value": {
"description": "[Output Only] A warning data value corresponding to the key.",
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "[Output Only] A human-readable description of the warning code.",
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Route",
"modUri": "tmod:@turbot/gcp-network"
}
}

routeAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/global/routes/[a-z]([-a-z0-9]*[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/routes/test01"
},
{
"description": "invalid - invalid name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/global/routes/test01-",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/routeAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouteAsPath

{
"properties": {
"asLists": {
"description": "[Output Only] The AS numbers of the AS Path.",
"items": {
"type": "integer"
},
"type": "array"
},
"pathSegmentType": {
"description": "[Output Only] The type of the AS Path, which can be one of the following values: - 'AS_SET': unordered set of autonomous systems that the route in has traversed - 'AS_SEQUENCE': ordered set of autonomous systems that the route has traversed - 'AS_CONFED_SEQUENCE': ordered set of Member Autonomous Systems in the local confederation that the route has traversed - 'AS_CONFED_SET': unordered set of Member Autonomous Systems in the local confederation that the route has traversed ",
"enum": [
"AS_CONFED_SEQUENCE",
"AS_CONFED_SET",
"AS_SEQUENCE",
"AS_SET"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouteAsPath",
"modUri": "tmod:@turbot/gcp-network"
}
}

routeName

{
"type": "string",
"pattern": "^[a-z]([-a-z0-9]*[a-z0-9])?$",
"minLength": 1,
"maxLength": 63,
"tests": [
{
"input": "test01"
},
{
"description": "invalid - array type passed",
"input": [
"testName009"
],
"expected": false
},
{
"description": "invalid - empty string passed",
"input": "",
"expected": false
},
{
"description": "invalid - too long",
"input": "test01test01test01test01test01test01test01test01test01test01test01test01test01ttest01test01test01test01test01test01test01test01test01test01test01test01test01t",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/routeName",
"modUri": "tmod:@turbot/gcp-network"
}
}

router

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/routerName"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/routerAka"
}
},
"title": {
"$ref": "#/definitions/routerName"
},
"custom": {
"type": "object",
"properties": {
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "test01",
"turbot": {
"akas": [
"gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-west1/routers/test01"
],
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489",
"regionName": "us-west1"
}
},
"title": "test01"
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"turbot": {
"akas": [
"gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-west1/routers/test01"
],
"custom": {
"createTimestamp": "2017-03-05T13:58:05.590Z",
"gcp": {
"projectId": "aar-a4b6d489",
"regionName": "us-west1"
}
},
"title": "test01"
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "tes01"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/router",
"modUri": "tmod:@turbot/gcp-network"
}
}

Router

{
"description": "Represents a Cloud Router resource. For more information about Cloud Router, read the Cloud Router overview.",
"properties": {
"bgp": {
"$ref": "#/definitions/RouterBgp",
"description": "BGP information specific to this router."
},
"bgpPeers": {
"description": "BGP information that must be configured into the routing stack to establish BGP peering. This information must specify the peer ASN and either the interface name, IP address, or peer IP address. Please refer to RFC4273.",
"items": {
"$ref": "#/definitions/RouterBgpPeer"
},
"type": "array"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"encryptedInterconnectRouter": {
"description": "Indicates if a router is dedicated for use with encrypted VLAN attachments (interconnectAttachments).",
"type": "boolean"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"interfaces": {
"description": "Router interfaces. To create a BGP peer that uses a router interface, the interface must have one of the following fields specified: - linkedVpnTunnel - linkedInterconnectAttachment - subnetwork You can create a router interface without any of these fields specified. However, you cannot create a BGP peer that uses that interface.",
"items": {
"$ref": "#/definitions/RouterInterface"
},
"type": "array"
},
"kind": {
"default": "compute#router",
"description": "[Output Only] Type of resource. Always compute#router for routers.",
"type": "string"
},
"md5AuthenticationKeys": {
"description": "Keys used for MD5 authentication.",
"items": {
"$ref": "#/definitions/RouterMd5AuthenticationKey"
},
"type": "array"
},
"name": {
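"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. Note that the `pattern` keyword on this property is not anchored, and JSON Schema does not anchor patterns implicitly, so on its own it accepts any string that contains a match; validate names against an anchored form such as the routerName definition (`^[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$`).",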
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"nats": {
"description": "A list of NAT services created in this router.",
"items": {
"$ref": "#/definitions/RouterNat"
},
"type": "array"
},
"network": {
"description": "URI of the network to which this router belongs.",
"type": "string"
},
"region": {
"description": "[Output Only] URI of the region where the router resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Router",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterAdvertisedIpRange

{
"description": "Description-tagged IP ranges for the router to advertise.",
"properties": {
"description": {
"description": "User-specified description for the IP range.",
"type": "string"
},
"range": {
"description": "The IP range to advertise. The value must be a CIDR-formatted string.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterAdvertisedIpRange",
"modUri": "tmod:@turbot/gcp-network"
}
}

routerAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/regions/(asia-east1|asia-east2|asia-northeast1|asia-south1|asia-southeast1|australia-southeast1|europe-north1|europe-west1|europe-west2|europe-west3|europe-west4|northamerica-northeast1|southamerica-east1|us-central1|us-east1|us-east4|us-west1|us-west2|global)/routers/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"description": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-east1/routers/test01"
},
{
"description": "invalid - project ID too short",
"input": "gcp://compute.googleapis.com/projects/bad/regions/us-east1/routers/test01",
"expected": false
},
{
"description": "invalid - invalid router name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-east1/routers/123testing",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/routerAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterBgp

{
"properties": {
"advertiseMode": {
"description": "User-specified flag to indicate which mode to use for advertisement. The options are DEFAULT or CUSTOM.",
"enum": [
"CUSTOM",
"DEFAULT"
],
"type": "string"
},
"advertisedGroups": {
"description": "User-specified list of prefix groups to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and is advertised to all peers of the router. These groups will be advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
"items": {
"enum": [
"ALL_SUBNETS"
],
"type": "string"
},
"type": "array"
},
"advertisedIpRanges": {
"description": "User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and is advertised to all peers of the router. These IP ranges will be advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.",
"items": {
"$ref": "#/definitions/RouterAdvertisedIpRange"
},
"type": "array"
},
"asn": {
"description": "Local BGP Autonomous System Number (ASN). Must be an RFC6996 private ASN, either 16-bit or 32-bit. The value will be fixed for this router resource. All VPN tunnels that link to this router will have the same local ASN.",
"type": "integer"
},
"keepaliveInterval": {
"description": "The interval in seconds between BGP keepalive messages that are sent to the peer. Hold time is three times the interval at which keepalive messages are sent, and the hold time is the maximum number of seconds allowed to elapse between successive keepalive messages that BGP receives from a peer. BGP will use the smaller of either the local hold time value or the peer's hold time value as the hold time for the BGP connection between the two peers. If set, this value must be between 20 and 60. The default is 20.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterBgp",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterBgpPeer

{
"properties": {
"advertiseMode": {
"description": "User-specified flag to indicate which mode to use for advertisement.",
"enum": [
"CUSTOM",
"DEFAULT"
],
"type": "string"
},
"advertisedGroups": {
"description": "User-specified list of prefix groups to advertise in custom mode, which currently supports the following option: - ALL_SUBNETS: Advertises all of the router's own VPC subnets. This excludes any routes learned for subnets that use VPC Network Peering. Note that this field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These groups are advertised in addition to any specified prefixes. Leave this field blank to advertise no custom groups.",
"items": {
"enum": [
"ALL_SUBNETS"
],
"type": "string"
},
"type": "array"
},
"advertisedIpRanges": {
"description": "User-specified list of individual IP ranges to advertise in custom mode. This field can only be populated if advertise_mode is CUSTOM and overrides the list defined for the router (in the \"bgp\" message). These IP ranges are advertised in addition to any specified groups. Leave this field blank to advertise no custom IP ranges.",
"items": {
"$ref": "#/definitions/RouterAdvertisedIpRange"
},
"type": "array"
},
"advertisedRoutePriority": {
"description": "The priority of routes advertised to this BGP peer. Where there is more than one matching route of maximum length, the routes with the lowest priority value win.",
"type": "integer"
},
"bfd": {
"$ref": "#/definitions/RouterBgpPeerBfd",
"description": "BFD configuration for the BGP peering."
},
"customLearnedIpRanges": {
"description": "A list of user-defined custom learned route IP address ranges for a BGP session.",
"items": {
"$ref": "#/definitions/RouterBgpPeerCustomLearnedIpRange"
},
"type": "array"
},
"customLearnedRoutePriority": {
"description": "The user-defined custom learned route priority for a BGP session. This value is applied to all custom learned route ranges for the session. You can choose a value from `0` to `65335`. If you don't provide a value, Google Cloud assigns a priority of `100` to the ranges.",
"type": "integer"
},
"enable": {
"description": "The status of the BGP peer connection. If set to FALSE, any active session with the peer is terminated and all associated routing information is removed. If set to TRUE, the peer connection can be established with routing information. The default is TRUE.",
"enum": [
"FALSE",
"TRUE"
],
"type": "string"
},
"enableIpv6": {
"description": "Enable IPv6 traffic over BGP Peer. If not specified, it is disabled by default.",
"type": "boolean"
},
"interfaceName": {
"description": "Name of the interface the BGP peer is associated with.",
"type": "string"
},
"ipAddress": {
"description": "IP address of the interface inside Google Cloud Platform. Only IPv4 is supported.",
"type": "string"
},
"ipv6NexthopAddress": {
"description": "IPv6 address of the interface inside Google Cloud Platform.",
"type": "string"
},
"managementType": {
"description": "[Output Only] The resource that configures and manages this BGP peer. - MANAGED_BY_USER is the default value and can be managed by you or other users - MANAGED_BY_ATTACHMENT is a BGP peer that is configured and managed by Cloud Interconnect, specifically by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of BGP peer when the PARTNER InterconnectAttachment is created, updated, or deleted. ",
"enum": [
"MANAGED_BY_ATTACHMENT",
"MANAGED_BY_USER"
],
"type": "string"
},
"md5AuthenticationKeyName": {
"description": "Present if MD5 authentication is enabled for the peering. Must be the name of one of the entries in the Router.md5_authentication_keys. The field must comply with RFC1035.",
"type": "string"
},
"name": {
"description": "Name of this BGP peer. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"peerAsn": {
"description": "Peer BGP Autonomous System Number (ASN). Each BGP interface may use a different value.",
"type": "integer"
},
"peerIpAddress": {
"description": "IP address of the BGP interface outside Google Cloud Platform. Only IPv4 is supported.",
"type": "string"
},
"peerIpv6NexthopAddress": {
"description": "IPv6 address of the BGP interface outside Google Cloud Platform.",
"type": "string"
},
"routerApplianceInstance": {
"description": "URI of the VM instance that is used as third-party router appliances such as Next Gen Firewalls, Virtual Routers, or Router Appliances. The VM instance must be located in zones contained in the same region as this Cloud Router. The VM instance is the peer side of the BGP session.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterBgpPeer",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterBgpPeerBfd

{
"properties": {
"minReceiveInterval": {
"description": "The minimum interval, in milliseconds, between BFD control packets received from the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the transmit interval of the other router. If set, this value must be between 1000 and 30000. The default is 1000.",
"type": "integer"
},
"minTransmitInterval": {
"description": "The minimum interval, in milliseconds, between BFD control packets transmitted to the peer router. The actual value is negotiated between the two routers and is equal to the greater of this value and the corresponding receive interval of the other router. If set, this value must be between 1000 and 30000. The default is 1000.",
"type": "integer"
},
"multiplier": {
"description": "The number of consecutive BFD packets that must be missed before BFD declares that a peer is unavailable. If set, the value must be a value between 5 and 16. The default is 5.",
"type": "integer"
},
"sessionInitializationMode": {
"description": "The BFD session initialization mode for this BGP peer. If set to ACTIVE, the Cloud Router will initiate the BFD session for this BGP peer. If set to PASSIVE, the Cloud Router will wait for the peer router to initiate the BFD session for this BGP peer. If set to DISABLED, BFD is disabled for this BGP peer. The default is DISABLED.",
"enum": [
"ACTIVE",
"DISABLED",
"PASSIVE"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterBgpPeerBfd",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterBgpPeerCustomLearnedIpRange

{
"properties": {
"range": {
"description": "The custom learned route IP address range. Must be a valid CIDR-formatted prefix. If an IP address is provided without a subnet mask, it is interpreted as, for IPv4, a `/32` singular IP address range, and, for IPv6, `/128`.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterBgpPeerCustomLearnedIpRange",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterInterface

{
"properties": {
"ipRange": {
"description": "IP address and range of the interface. The IP range must be in the RFC3927 link-local IP address space. The value must be a CIDR-formatted string, for example: 169.254.0.1/30. NOTE: Do not truncate the address as it represents the IP address of the interface.",
"type": "string"
},
"linkedInterconnectAttachment": {
"description": "URI of the linked Interconnect attachment. It must be in the same region as the router. Each interface can have one linked resource, which can be a VPN tunnel, an Interconnect attachment, or a subnetwork.",
"type": "string"
},
"linkedVpnTunnel": {
"description": "URI of the linked VPN tunnel, which must be in the same region as the router. Each interface can have one linked resource, which can be a VPN tunnel, an Interconnect attachment, or a subnetwork.",
"type": "string"
},
"managementType": {
"description": "[Output Only] The resource that configures and manages this interface. - MANAGED_BY_USER is the default value and can be managed directly by users. - MANAGED_BY_ATTACHMENT is an interface that is configured and managed by Cloud Interconnect, specifically, by an InterconnectAttachment of type PARTNER. Google automatically creates, updates, and deletes this type of interface when the PARTNER InterconnectAttachment is created, updated, or deleted. ",
"enum": [
"MANAGED_BY_ATTACHMENT",
"MANAGED_BY_USER"
],
"type": "string"
},
"name": {
"description": "Name of this interface entry. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"privateIpAddress": {
"description": "The regional private internal IP address that is used to establish BGP sessions to a VM instance acting as a third-party Router Appliance, such as a Next Gen Firewall, a Virtual Router, or an SD-WAN VM.",
"type": "string"
},
"redundantInterface": {
"description": "Name of the interface that will be redundant with the current interface you are creating. The redundantInterface must belong to the same Cloud Router as the interface here. To establish the BGP session to a Router Appliance VM, you must create two BGP peers. The two BGP peers must be attached to two separate interfaces that are redundant with each other. The redundant_interface must be 1-63 characters long, and comply with RFC1035. Specifically, the redundant_interface must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"subnetwork": {
"description": "The URI of the subnetwork resource that this interface belongs to, which must be in the same region as the Cloud Router. When you establish a BGP session to a VM instance using this interface, the VM instance must belong to the same subnetwork as the subnetwork specified here.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterInterface",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterMd5AuthenticationKey

{
"properties": {
"key": {
"description": "[Input only] Value of the key. For patch and update calls, it can be skipped to copy the value from the previous configuration. This is allowed if the key with the same name existed before the operation. Maximum length is 80 characters. Can only contain printable ASCII characters.",
"type": "string"
},
"name": {
"description": "Name used to identify the key. Must be unique within a router. Must be referenced by exactly one bgpPeer. Must comply with RFC1035.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterMd5AuthenticationKey",
"modUri": "tmod:@turbot/gcp-network"
}
}

routerName

{
"type": "string",
"pattern": "^[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"input": "test01"
},
{
"description": "invalid - array type passed",
"input": [
"testName009"
],
"expected": false
},
{
"description": "invalid - empty string passed",
"input": "",
"expected": false
},
{
"description": "invalid - too long",
"input": "test01test01test01test01test01test01test01test01test01test01test01test01test01ttest01test01test01test01test01test01test01test01test01test01test01test01test01t",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/routerName",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterNat

{
"description": "Represents a Nat resource. It enables the VMs within the specified subnetworks to access Internet without external IP addresses. It specifies a list of subnetworks (and the ranges within) that want to use NAT. Customers can also provide the external IPs that would be used for NAT. GCP would auto-allocate ephemeral IPs if no external IPs are provided.",
"properties": {
"autoNetworkTier": {
"description": "The network tier to use when automatically reserving NAT IP addresses. Must be one of: PREMIUM, STANDARD. If not specified, then the current project-level default tier is used.",
"enum": [
"FIXED_STANDARD",
"PREMIUM",
"STANDARD",
"STANDARD_OVERRIDES_FIXED_STANDARD"
],
"type": "string"
},
"drainNatIps": {
"description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT only.",
"items": {
"type": "string"
},
"type": "array"
},
"enableDynamicPortAllocation": {
"description": "Enable Dynamic Port Allocation. If not specified, it is disabled by default. If set to true, - Dynamic Port Allocation will be enabled on this NAT config. - enableEndpointIndependentMapping cannot be set to true. - If minPorts is set, minPortsPerVm must be set to a power of two greater than or equal to 32. If minPortsPerVm is not set, a minimum of 32 ports will be allocated to a VM from this NAT config. ",
"type": "boolean"
},
"enableEndpointIndependentMapping": {
"type": "boolean"
},
"endpointTypes": {
"description": "List of NAT-ted endpoint types supported by the Nat Gateway. If the list is empty, then it will be equivalent to including ENDPOINT_TYPE_VM",
"items": {
"enum": [
"ENDPOINT_TYPE_MANAGED_PROXY_LB",
"ENDPOINT_TYPE_SWG",
"ENDPOINT_TYPE_VM"
],
"type": "string"
},
"type": "array"
},
"icmpIdleTimeoutSec": {
"description": "Timeout (in seconds) for ICMP connections. Defaults to 30s if not set.",
"type": "integer"
},
"logConfig": {
"$ref": "#/definitions/RouterNatLogConfig",
"description": "Configure logging on this NAT."
},
"maxPortsPerVm": {
"description": "Maximum number of ports allocated to a VM from this NAT config when Dynamic Port Allocation is enabled. If Dynamic Port Allocation is not enabled, this field has no effect. If Dynamic Port Allocation is enabled, and this field is set, it must be set to a power of two greater than minPortsPerVm, or 64 if minPortsPerVm is not set. If Dynamic Port Allocation is enabled and this field is not set, a maximum of 65536 ports will be allocated to a VM from this NAT config.",
"type": "integer"
},
"minPortsPerVm": {
"description": "Minimum number of ports allocated to a VM from this NAT config. If not set, a default number of ports is allocated to a VM. This is rounded up to the nearest power of 2. For example, if the value of this field is 50, at least 64 ports are allocated to a VM.",
"type": "integer"
},
"name": {
"description": "Unique name of this Nat service. The name must be 1-63 characters long and comply with RFC1035.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"natIpAllocateOption": {
"description": "Specify the NatIpAllocateOption, which can take one of the following values: - MANUAL_ONLY: Uses only Nat IP addresses provided by customers. When there are not enough specified Nat IPs, the Nat service fails for new VMs. - AUTO_ONLY: Nat IPs are allocated by Google Cloud Platform; customers can't specify any Nat IPs. When choosing AUTO_ONLY, then nat_ip should be empty. ",
"enum": [
"AUTO_ONLY",
"MANUAL_ONLY"
],
"type": "string"
},
"natIps": {
"description": "A list of URLs of the IP resources used for this Nat service. These IP addresses must be valid static external IP addresses assigned to the project.",
"items": {
"type": "string"
},
"type": "array"
},
"rules": {
"description": "A list of rules associated with this NAT.",
"items": {
"$ref": "#/definitions/RouterNatRule"
},
"type": "array"
},
"sourceSubnetworkIpRangesToNat": {
"description": "Specify the Nat option, which can take one of the following values: - ALL_SUBNETWORKS_ALL_IP_RANGES: All of the IP ranges in every Subnetwork are allowed to Nat. - ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES: All of the primary IP ranges in every Subnetwork are allowed to Nat. - LIST_OF_SUBNETWORKS: A list of Subnetworks are allowed to Nat (specified in the field subnetwork below) The default is SUBNETWORK_IP_RANGE_TO_NAT_OPTION_UNSPECIFIED. Note that if this field contains ALL_SUBNETWORKS_ALL_IP_RANGES then there should not be any other Router.Nat section in any Router for this network in this region.",
"enum": [
"ALL_SUBNETWORKS_ALL_IP_RANGES",
"ALL_SUBNETWORKS_ALL_PRIMARY_IP_RANGES",
"LIST_OF_SUBNETWORKS"
],
"type": "string"
},
"subnetworks": {
"description": "A list of Subnetwork resources whose traffic should be translated by NAT Gateway. It is used only when LIST_OF_SUBNETWORKS is selected for the SubnetworkIpRangeToNatOption above.",
"items": {
"$ref": "#/definitions/RouterNatSubnetworkToNat"
},
"type": "array"
},
"tcpEstablishedIdleTimeoutSec": {
"description": "Timeout (in seconds) for TCP established connections. Defaults to 1200s if not set.",
"type": "integer"
},
"tcpTimeWaitTimeoutSec": {
"description": "Timeout (in seconds) for TCP connections that are in TIME_WAIT state. Defaults to 120s if not set.",
"type": "integer"
},
"tcpTransitoryIdleTimeoutSec": {
"description": "Timeout (in seconds) for TCP transitory connections. Defaults to 30s if not set.",
"type": "integer"
},
"type": {
"description": "Indicates whether this NAT is used for public or private IP translation. If unspecified, it defaults to PUBLIC.",
"enum": [
"PRIVATE",
"PUBLIC"
],
"type": "string"
},
"udpIdleTimeoutSec": {
"description": "Timeout (in seconds) for UDP connections. Defaults to 30s if not set.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterNat",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterNatLogConfig

{
"description": "Configuration of logging on a NAT.",
"properties": {
"enable": {
"description": "Indicates whether or not to export logs. This is false by default.",
"type": "boolean"
},
"filter": {
"description": "Specify the desired filtering of logs on this NAT. If unspecified, logs are exported for all connections handled by this NAT. This option can take one of the following values: - ERRORS_ONLY: Export logs only for connection failures. - TRANSLATIONS_ONLY: Export logs only for successful connections. - ALL: Export logs for all connections, successful and unsuccessful. ",
"enum": [
"ALL",
"ERRORS_ONLY",
"TRANSLATIONS_ONLY"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterNatLogConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterNatRule

{
"properties": {
"action": {
"$ref": "#/definitions/RouterNatRuleAction",
"description": "The action to be enforced for traffic that matches this rule."
},
"description": {
"description": "An optional description of this rule.",
"type": "string"
},
"match": {
"description": "CEL expression that specifies the match condition that egress traffic from a VM is evaluated against. If it evaluates to true, the corresponding `action` is enforced. The following examples are valid match expressions for public NAT: \"inIpRange(destination.ip, '1.1.0.0/16') || inIpRange(destination.ip, '2.2.0.0/16')\" \"destination.ip == '1.1.0.1' || destination.ip == '8.8.8.8'\" The following example is a valid match expression for private NAT: \"nexthop.hub == '//networkconnectivity.googleapis.com/projects/my-project/locations/global/hubs/hub-1'\"",
"type": "string"
},
"ruleNumber": {
"description": "An integer uniquely identifying a rule in the list. The rule number must be a positive value between 0 and 65000, and must be unique among rules within a NAT.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterNatRule",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterNatRuleAction

{
"properties": {
"sourceNatActiveIps": {
"description": "A list of URLs of the IP resources used for this NAT rule. These IP addresses must be valid static external IP addresses assigned to the project. This field is used for public NAT.",
"items": {
"type": "string"
},
"type": "array"
},
"sourceNatActiveRanges": {
"description": "A list of URLs of the subnetworks used as source ranges for this NAT Rule. These subnetworks must have purpose set to PRIVATE_NAT. This field is used for private NAT.",
"items": {
"type": "string"
},
"type": "array"
},
"sourceNatDrainIps": {
"description": "A list of URLs of the IP resources to be drained. These IPs must be valid static external IPs that have been assigned to the NAT. These IPs should be used for updating/patching a NAT rule only. This field is used for public NAT.",
"items": {
"type": "string"
},
"type": "array"
},
"sourceNatDrainRanges": {
"description": "A list of URLs of subnetworks representing source ranges to be drained. This is only supported on patch/update, and these subnetworks must have previously been used as active ranges in this NAT Rule. This field is used for private NAT.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterNatRuleAction",
"modUri": "tmod:@turbot/gcp-network"
}
}

RouterNatSubnetworkToNat

{
"description": "Defines the IP ranges that want to use NAT for a subnetwork.",
"properties": {
"name": {
"description": "URL for the subnetwork resource that will use NAT.",
"type": "string"
},
"secondaryIpRangeNames": {
"description": "A list of the secondary ranges of the Subnetwork that are allowed to use NAT. This can be populated only if \"LIST_OF_SECONDARY_IP_RANGES\" is one of the values in source_ip_ranges_to_nat.",
"items": {
"type": "string"
},
"type": "array"
},
"sourceIpRangesToNat": {
"description": "Specify the options for NAT ranges in the Subnetwork. All options of a single value are valid except NAT_IP_RANGE_OPTION_UNSPECIFIED. The only valid option with multiple values is: [\"PRIMARY_IP_RANGE\", \"LIST_OF_SECONDARY_IP_RANGES\"] Default: [ALL_IP_RANGES]",
"items": {
"enum": [
"ALL_IP_RANGES",
"LIST_OF_SECONDARY_IP_RANGES",
"PRIMARY_IP_RANGE"
],
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/RouterNatSubnetworkToNat",
"modUri": "tmod:@turbot/gcp-network"
}
}

Rule

{
"description": "This is deprecated and has no effect. Do not use.",
"properties": {
"action": {
"description": "This is deprecated and has no effect. Do not use.",
"enum": [
"ALLOW",
"ALLOW_WITH_LOG",
"DENY",
"DENY_WITH_LOG",
"LOG",
"NO_ACTION"
],
"type": "string"
},
"conditions": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"$ref": "#/definitions/Condition"
},
"type": "array"
},
"description": {
"description": "This is deprecated and has no effect. Do not use.",
"type": "string"
},
"ins": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"type": "string"
},
"type": "array"
},
"logConfigs": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"$ref": "#/definitions/LogConfig"
},
"type": "array"
},
"notIns": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"type": "string"
},
"type": "array"
},
"permissions": {
"description": "This is deprecated and has no effect. Do not use.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Rule",
"modUri": "tmod:@turbot/gcp-network"
}
}

SecuritySettings

{
"description": "The authentication and authorization settings for a BackendService.",
"properties": {
"awsV4Authentication": {
"$ref": "#/definitions/AWSV4Signature",
"description": "The configuration needed to generate a signature for access to private storage buckets that support AWS's Signature Version 4 for authentication. Allowed only for INTERNET_IP_PORT and INTERNET_FQDN_PORT NEG backends."
},
"clientTlsPolicy": {
"description": "Optional. A URL referring to a networksecurity.ClientTlsPolicy resource that describes how clients should authenticate with this service's backends. clientTlsPolicy only applies to a global BackendService with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. If left blank, communications are not encrypted.",
"type": "string"
},
"subjectAltNames": {
"description": "Optional. A list of Subject Alternative Names (SANs) that the client verifies during a mutual TLS handshake with an server/endpoint for this BackendService. When the server presents its X.509 certificate to the client, the client inspects the certificate's subjectAltName field. If the field contains one of the specified values, the communication continues. Otherwise, it fails. This additional check enables the client to verify that the server is authorized to run the requested service. Note that the contents of the server certificate's subjectAltName field are configured by the Public Key Infrastructure which provisions server identities. Only applies to a global BackendService with loadBalancingScheme set to INTERNAL_SELF_MANAGED. Only applies when BackendService has an attached clientTlsPolicy with clientCertificate (mTLS mode).",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/SecuritySettings",
"modUri": "tmod:@turbot/gcp-network"
}
}

SslCertificate

{
"description": "Represents an SSL certificate resource. Google Compute Engine has two SSL certificate resources: * [Global](/compute/docs/reference/rest/v1/sslCertificates) * [Regional](/compute/docs/reference/rest/v1/regionSslCertificates) The global SSL certificates (sslCertificates) are used by: - Global external Application Load Balancers - Classic Application Load Balancers - Proxy Network Load Balancers (with target SSL proxies) The regional SSL certificates (regionSslCertificates) are used by: - Regional external Application Load Balancers - Regional internal Application Load Balancers Optionally, certificate file contents that you upload can contain a set of up to five PEM-encoded certificates. The API call creates an object (sslCertificate) that holds this data. You can use SSL keys and certificates to secure connections to a load balancer. For more information, read Creating and using SSL certificates, SSL certificates quotas and limits, and Troubleshooting SSL certificates.",
"properties": {
"certificate": {
"description": "A value read into memory from a certificate file. The certificate file must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.",
"type": "string"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"expireTime": {
"description": "[Output Only] Expire time of the certificate. RFC3339",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#sslCertificate",
"description": "[Output Only] Type of the resource. Always compute#sslCertificate for SSL certificates.",
"type": "string"
},
"managed": {
"$ref": "#/definitions/SslCertificateManagedSslCertificate",
"description": "Configuration and status of a managed SSL certificate."
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"privateKey": {
"description": "A value read into memory from a write-only private key file. The private key file must be in PEM format. For security, only insert requests include this field.",
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the regional SSL Certificate resides. This field is not applicable to global SSL Certificate.",
"type": "string"
},
"selfLink": {
"description": "[Output only] Server-defined URL for the resource.",
"type": "string"
},
"selfManaged": {
"$ref": "#/definitions/SslCertificateSelfManagedSslCertificate",
"description": "Configuration and status of a self-managed SSL certificate."
},
"subjectAlternativeNames": {
"description": "[Output Only] Domains associated with the certificate via Subject Alternative Name.",
"items": {
"type": "string"
},
"type": "array"
},
"type": {
"description": "(Optional) Specifies the type of SSL certificate, either \"SELF_MANAGED\" or \"MANAGED\". If not specified, the certificate is self-managed and the fields certificate and private_key are used.",
"enum": [
"MANAGED",
"SELF_MANAGED",
"TYPE_UNSPECIFIED"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/SslCertificate",
"modUri": "tmod:@turbot/gcp-network"
}
}

SslCertificateManagedSslCertificate

{
"description": "Configuration and status of a managed SSL certificate.",
"properties": {
"domainStatus": {
"additionalProperties": {
"enum": [
"ACTIVE",
"DOMAIN_STATUS_UNSPECIFIED",
"FAILED_CAA_CHECKING",
"FAILED_CAA_FORBIDDEN",
"FAILED_NOT_VISIBLE",
"FAILED_RATE_LIMITED",
"PROVISIONING"
],
"type": "string"
},
"description": "[Output only] Detailed statuses of the domains specified for managed certificate resource.",
"type": "object"
},
"domains": {
"description": "The domains for which a managed SSL certificate will be generated. Each Google-managed SSL certificate supports up to the [maximum number of domains per Google-managed SSL certificate](/load-balancing/docs/quotas#ssl_certificates).",
"items": {
"type": "string"
},
"type": "array"
},
"status": {
"description": "[Output only] Status of the managed certificate resource.",
"enum": [
"ACTIVE",
"MANAGED_CERTIFICATE_STATUS_UNSPECIFIED",
"PROVISIONING",
"PROVISIONING_FAILED",
"PROVISIONING_FAILED_PERMANENTLY",
"RENEWAL_FAILED"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/SslCertificateManagedSslCertificate",
"modUri": "tmod:@turbot/gcp-network"
}
}

SslCertificateSelfManagedSslCertificate

{
"description": "Configuration and status of a self-managed SSL certificate.",
"properties": {
"certificate": {
"description": "A local certificate file. The certificate must be in PEM format. The certificate chain must be no greater than 5 certs long. The chain must include at least one intermediate cert.",
"type": "string"
},
"privateKey": {
"description": "A write-only private key in PEM format. Only insert requests will include this field.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/SslCertificateSelfManagedSslCertificate",
"modUri": "tmod:@turbot/gcp-network"
}
}

SslPolicy

{
"description": "Represents an SSL Policy resource. Use SSL policies to control SSL features, such as versions and cipher suites, that are offered by Application Load Balancers and proxy Network Load Balancers. For more information, read SSL policies overview.",
"properties": {
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"customFeatures": {
"description": "A list of features enabled when the selected profile is CUSTOM. The method returns the set of features that can be specified in this list. This field must be empty if the profile is not CUSTOM.",
"items": {
"type": "string"
},
"type": "array"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"enabledFeatures": {
"description": "[Output Only] The list of features enabled in the SSL policy.",
"items": {
"type": "string"
},
"type": "array"
},
"fingerprint": {
"description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a SslPolicy. An up-to-date fingerprint must be provided in order to update the SslPolicy, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve an SslPolicy.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#sslPolicy",
"description": "[Output only] Type of the resource. Always compute#sslPolicyfor SSL policies.",
"type": "string"
},
"minTlsVersion": {
"description": "The minimum version of SSL protocol that can be used by the clients to establish a connection with the load balancer. This can be one of TLS_1_0, TLS_1_1, TLS_1_2.",
"enum": [
"TLS_1_0",
"TLS_1_1",
"TLS_1_2"
],
"type": "string"
},
"name": {
"description": "Name of the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"profile": {
"description": "Profile specifies the set of SSL features that can be used by the load balancer when negotiating SSL with clients. This can be one of COMPATIBLE, MODERN, RESTRICTED, or CUSTOM. If using CUSTOM, the set of SSL features to enable must be specified in the customFeatures field.",
"enum": [
"COMPATIBLE",
"CUSTOM",
"MODERN",
"RESTRICTED"
],
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the regional SSL policy resides. This field is not applicable to global SSL policies.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"warnings": {
"description": "[Output Only] If potential misconfigurations are detected for this SSL policy, this field will be populated with warning messages.",
"items": {
"properties": {
"code": {
"description": "[Output Only] A warning code, if applicable. For example, Compute Engine returns NO_RESULTS_ON_PAGE if there are no results in the response.",
"enum": [
"CLEANUP_FAILED",
"DEPRECATED_RESOURCE_USED",
"DEPRECATED_TYPE_USED",
"DISK_SIZE_LARGER_THAN_IMAGE_SIZE",
"EXPERIMENTAL_TYPE_USED",
"EXTERNAL_API_WARNING",
"FIELD_VALUE_OVERRIDEN",
"INJECTED_KERNELS_DEPRECATED",
"INVALID_HEALTH_CHECK_FOR_DYNAMIC_WIEGHTED_LB",
"LARGE_DEPLOYMENT_WARNING",
"LIST_OVERHEAD_QUOTA_EXCEED",
"MISSING_TYPE_DEPENDENCY",
"NEXT_HOP_ADDRESS_NOT_ASSIGNED",
"NEXT_HOP_CANNOT_IP_FORWARD",
"NEXT_HOP_INSTANCE_HAS_NO_IPV6_INTERFACE",
"NEXT_HOP_INSTANCE_NOT_FOUND",
"NEXT_HOP_INSTANCE_NOT_ON_NETWORK",
"NEXT_HOP_NOT_RUNNING",
"NOT_CRITICAL_ERROR",
"NO_RESULTS_ON_PAGE",
"PARTIAL_SUCCESS",
"REQUIRED_TOS_AGREEMENT",
"RESOURCE_IN_USE_BY_OTHER_RESOURCE_WARNING",
"RESOURCE_NOT_DELETED",
"SCHEMA_VALIDATION_IGNORED",
"SINGLE_INSTANCE_PROPERTY_TEMPLATE",
"UNDECLARED_PROPERTIES",
"UNREACHABLE"
],
"type": "string",
"x-enumDeprecated": [
false,
false,
false,
false,
false,
false,
true,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false,
false
]
},
"data": {
"description": "[Output Only] Metadata about this warning in key: value format. For example: \"data\": [ { \"key\": \"scope\", \"value\": \"zones/us-east1-d\" } ",
"items": {
"properties": {
"key": {
"description": "[Output Only] A key that provides more detail on the warning being returned. For example, for warnings where there are no results in a list request for a particular zone, this key might be scope and the key value might be the zone name. Other examples might be a key indicating a deprecated resource and a suggested replacement, or a warning about invalid network settings (for example, if an instance attempts to perform IP forwarding but is not enabled for IP forwarding).",
"type": "string"
},
"value": {
"description": "[Output Only] A warning data value corresponding to the key.",
"type": "string"
}
},
"type": "object"
},
"type": "array"
},
"message": {
"description": "[Output Only] A human-readable description of the warning code.",
"type": "string"
}
},
"type": "object"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/SslPolicy",
"modUri": "tmod:@turbot/gcp-network"
}
}

status

{
"type": "string",
"enum": [
"PROVISIONING",
"WAITING_FOR_FULL_CONFIG",
"FIRST_HANDSHAKE",
"ESTABLISHED",
"NO_INCOMING_PACKETS",
"AUTHORIZATION_ERROR",
"NEGOTIATION_FAILURE",
"DEPROVISIONING",
"FAILED"
],
"tests": [
{
"input": "NO_INCOMING_PACKETS"
},
{
"description": "invalid - not listed in options",
"input": "RUNNABLE",
"expected": false
},
{
"description": "invalid - null value",
"input": null,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/status",
"modUri": "tmod:@turbot/gcp-network"
}
}

subnetwork

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"enableFlowLogs": {
"type": "boolean"
},
"privateIpGoogleAccess": {
"type": "boolean"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/subnetworkAka"
}
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
},
"networkName": {
"$ref": "#/definitions/resourceName"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "testmeplease",
"regionName": "asia",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "us-west1"
},
"networkName": "testnetwork01"
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"regionName": "asia",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "us-west1"
},
"networkName": "testnetwork01"
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "testmeplease"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/subnetwork",
"modUri": "tmod:@turbot/gcp-network"
}
}

Subnetwork

{
"description": "Represents a Subnetwork resource. A subnetwork (also known as a subnet) is a logical partition of a Virtual Private Cloud network with one primary IP range and zero or more secondary IP ranges. For more information, read Virtual Private Cloud (VPC) Network.",
"properties": {
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource. This field can be set only at resource creation time.",
"type": "string"
},
"enableFlowLogs": {
"description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. This field isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
"type": "boolean"
},
"externalIpv6Prefix": {
"description": "The external IPv6 address range that is owned by this subnetwork.",
"type": "string"
},
"fingerprint": {
"description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a Subnetwork. An up-to-date fingerprint must be provided in order to update the Subnetwork, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a Subnetwork.",
"type": "string"
},
"gatewayAddress": {
"description": "[Output Only] The gateway address for default routes to reach destination addresses outside this subnetwork.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"internalIpv6Prefix": {
"description": "[Output Only] The internal IPv6 address range that is assigned to this subnetwork.",
"type": "string"
},
"ipCidrRange": {
"description": "The range of internal addresses that are owned by this subnetwork. Provide this property when you create the subnetwork. For example, 10.0.0.0/8 or 100.64.0.0/10. Ranges must be unique and non-overlapping within a network. Only IPv4 is supported. This field is set at resource creation time. The range can be any range listed in the Valid ranges list. The range can be expanded after creation using expandIpCidrRange.",
"type": "string"
},
"ipv6AccessType": {
"description": "The access type of IPv6 address this subnet holds. It's immutable and can only be specified during creation or the first time the subnet is updated into IPV4_IPV6 dual stack.",
"enum": [
"EXTERNAL",
"INTERNAL"
],
"type": "string"
},
"ipv6CidrRange": {
"description": "[Output Only] This field is for internal use.",
"type": "string"
},
"kind": {
"default": "compute#subnetwork",
"description": "[Output Only] Type of the resource. Always compute#subnetwork for Subnetwork resources.",
"type": "string"
},
"logConfig": {
"$ref": "#/definitions/SubnetworkLogConfig",
"description": "This field denotes the VPC flow logging options for this subnetwork. If logging is enabled, logs are exported to Cloud Logging."
},
"name": {
"description": "The name of the resource, provided by the client when initially creating the resource. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"description": "The URL of the network to which this subnetwork belongs, provided by the client when initially creating the subnetwork. This field can be set only at resource creation time.",
"type": "string"
},
"privateIpGoogleAccess": {
"description": "Whether the VMs in this subnet can access Google services without assigned external IP addresses. This field can be both set at resource creation time and updated using setPrivateIpGoogleAccess.",
"type": "boolean"
},
"privateIpv6GoogleAccess": {
"description": "This field is for internal use. This field can be both set at resource creation time and updated using patch.",
"enum": [
"DISABLE_GOOGLE_ACCESS",
"ENABLE_BIDIRECTIONAL_ACCESS_TO_GOOGLE",
"ENABLE_OUTBOUND_VM_ACCESS_TO_GOOGLE"
],
"type": "string"
},
"purpose": {
"description": "The purpose of the resource. This field can be either PRIVATE, GLOBAL_MANAGED_PROXY, REGIONAL_MANAGED_PROXY, PRIVATE_SERVICE_CONNECT, or PRIVATE is the default purpose for user-created subnets or subnets that are automatically created in auto mode networks. Subnets with purpose set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY are user-created subnetworks that are reserved for Envoy-based load balancers. A subnet with purpose set to PRIVATE_SERVICE_CONNECT is used to publish services using Private Service Connect. If unspecified, the subnet purpose defaults to PRIVATE. The enableFlowLogs field isn't supported if the subnet purpose field is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY.",
"enum": [
"GLOBAL_MANAGED_PROXY",
"INTERNAL_HTTPS_LOAD_BALANCER",
"PRIVATE",
"PRIVATE_NAT",
"PRIVATE_RFC_1918",
"PRIVATE_SERVICE_CONNECT",
"REGIONAL_MANAGED_PROXY"
],
"type": "string"
},
"region": {
"description": "URL of the region where the Subnetwork resides. This field can be set only at resource creation time.",
"type": "string"
},
"reservedInternalRange": {
"description": "The URL of the reserved internal range.",
"type": "string"
},
"role": {
"description": "The role of subnetwork. Currently, this field is only used when purpose is set to GLOBAL_MANAGED_PROXY or REGIONAL_MANAGED_PROXY. The value can be set to ACTIVE or BACKUP. An ACTIVE subnetwork is one that is currently being used for Envoy-based load balancers in a region. A BACKUP subnetwork is one that is ready to be promoted to ACTIVE or is currently draining. This field can be updated with a patch request.",
"enum": [
"ACTIVE",
"BACKUP"
],
"type": "string"
},
"secondaryIpRanges": {
"description": "An array of configurations for secondary IP ranges for VM instances contained in this subnetwork. The primary IP of such VM must belong to the primary ipCidrRange of the subnetwork. The alias IPs may belong to either primary or secondary ranges. This field can be updated with a patch request.",
"items": {
"$ref": "#/definitions/SubnetworkSecondaryRange"
},
"type": "array"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"stackType": {
"description": "The stack type for the subnet. If set to IPV4_ONLY, new VMs in the subnet are assigned IPv4 addresses only. If set to IPV4_IPV6, new VMs in the subnet can be assigned both IPv4 and IPv6 addresses. If not specified, IPV4_ONLY is used. This field can be both set at resource creation time and updated using patch.",
"enum": [
"IPV4_IPV6",
"IPV4_ONLY"
],
"type": "string"
},
"state": {
"description": "[Output Only] The state of the subnetwork, which can be one of the following values: READY: Subnetwork is created and ready to use DRAINING: only applicable to subnetworks that have the purpose set to INTERNAL_HTTPS_LOAD_BALANCER and indicates that connections to the load balancer are being drained. A subnetwork that is draining cannot be used or modified until it reaches a status of READY",
"enum": [
"DRAINING",
"READY"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Subnetwork",
"modUri": "tmod:@turbot/gcp-network"
}
}

subnetworkAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/regions/(asia-east1|asia-east2|asia-northeast1|asia-south1|asia-southeast1|australia-southeast1|europe-north1|europe-west1|europe-west2|europe-west3|europe-west4|northamerica-northeast1|southamerica-east1|us-central1|us-east1|us-east4|us-west1|us-west2|global)/subnetworks/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-west1/subnetworks/test01"
},
{
"description": "invalid - invalid region name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/asiaus/us-west1/subnetworks/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/subnetworkAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

SubnetworkLogConfig

{
"description": "The available logging options for this subnetwork.",
"properties": {
"aggregationInterval": {
"description": "Can only be specified if VPC flow logging for this subnetwork is enabled. Toggles the aggregation interval for collecting flow logs. Increasing the interval time will reduce the amount of generated flow logs for long lasting connections. Default is an interval of 5 seconds per connection.",
"enum": [
"INTERVAL_10_MIN",
"INTERVAL_15_MIN",
"INTERVAL_1_MIN",
"INTERVAL_30_SEC",
"INTERVAL_5_MIN",
"INTERVAL_5_SEC"
],
"type": "string"
},
"enable": {
"description": "Whether to enable flow logging for this subnetwork. If this field is not explicitly set, it will not appear in get listings. If not set the default behavior is determined by the org policy, if there is no org policy specified, then it will default to disabled. Flow logging isn't supported if the subnet purpose field is set to REGIONAL_MANAGED_PROXY.",
"type": "boolean"
},
"filterExpr": {
"description": "Can only be specified if VPC flow logs for this subnetwork is enabled. The filter expression is used to define which VPC flow logs should be exported to Cloud Logging.",
"type": "string"
},
"flowSampling": {
"description": "Can only be specified if VPC flow logging for this subnetwork is enabled. The value of the field must be in [0, 1]. Set the sampling rate of VPC flow logs within the subnetwork where 1.0 means all collected logs are reported and 0.0 means no logs are reported. Default is 0.5 unless otherwise specified by the org policy, which means half of all collected logs are reported.",
"type": "number"
},
"metadata": {
"description": "Can only be specified if VPC flow logs for this subnetwork is enabled. Configures whether all, none or a subset of metadata fields should be added to the reported VPC flow logs. Default is EXCLUDE_ALL_METADATA.",
"enum": [
"CUSTOM_METADATA",
"EXCLUDE_ALL_METADATA",
"INCLUDE_ALL_METADATA"
],
"type": "string"
},
"metadataFields": {
"description": "Can only be specified if VPC flow logs for this subnetwork is enabled and \"metadata\" was set to CUSTOM_METADATA.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/SubnetworkLogConfig",
"modUri": "tmod:@turbot/gcp-network"
}
}

SubnetworkSecondaryRange

{
"description": "Represents a secondary IP range of a subnetwork.",
"properties": {
"ipCidrRange": {
"description": "The range of IP addresses belonging to this subnetwork secondary range. Provide this property when you create the subnetwork. Ranges must be unique and non-overlapping with all primary and secondary IP ranges within a network. Only IPv4 is supported. The range can be any range listed in the Valid ranges list.",
"type": "string"
},
"rangeName": {
"description": "The name associated with this subnetwork secondary range, used when adding an alias IP range to a VM instance. The name must be 1-63 characters long, and comply with RFC1035. The name must be unique within the subnetwork.",
"type": "string"
},
"reservedInternalRange": {
"description": "The URL of the reserved internal range.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/SubnetworkSecondaryRange",
"modUri": "tmod:@turbot/gcp-network"
}
}

subnetworkServiceNow

{
"defaultColumns": {
"creation_timestamp": {
"column": "enabled"
},
"description": {
"column": "enabled"
},
"enable_flow_logs": {
"column": "enabled",
"type": "boolean"
},
"fingerprint": {
"column": "enabled"
},
"gateway_address": {
"column": "enabled"
},
"iam_policy": {
"column": "enabled",
"label": "IAM Policy",
"type": "string",
"size": 1000
},
"id": {
"column": "enabled",
"label": "ID"
},
"ip_cidr_range": {
"column": "enabled",
"label": "IP CIDR Range"
},
"ipv6_cidr_range": {
"column": "enabled",
"label": "IPV6 CIDR Range"
},
"kind": {
"column": "enabled"
},
"log_config_aggregation_interval": {
"column": "enabled",
"path": "data.logConfig.aggregationInterval"
},
"log_config_enable": {
"column": "enabled",
"type": "boolean",
"path": "data.logConfig.enable"
},
"log_config_filter_expr": {
"column": "enabled",
"path": "data.logConfig.filterExpr"
},
"log_config_flow_sampling": {
"column": "enabled",
"path": "data.logConfig.flowSampling"
},
"log_config_metadata": {
"column": "enabled",
"path": "data.logConfig.metadata"
},
"log_config_metadata_fields": {
"column": "enabled",
"type": "string",
"size": 1000,
"path": "data.logConfig.metadataFields"
},
"subnetwork_name": {
"column": "enabled",
"label": "Subnetwork Name",
"path": "data.name"
},
"network": {
"column": "enabled"
},
"private_ip_google_access": {
"column": "enabled",
"label": "Private IP Google Access",
"type": "boolean"
},
"private_ipv6_google_access": {
"column": "enabled",
"label": "Private IPv6 Google Access"
},
"project": {
"column": "enabled",
"type": "string",
"path": "metadata.gcp.projectId"
},
"purpose": {
"column": "enabled"
},
"region": {
"column": "enabled"
},
"role": {
"column": "enabled"
},
"secondary_ip_ranges": {
"column": "enabled",
"label": "Secondary IP Ranges",
"type": "string",
"size": 1000
},
"self_link": {
"column": "enabled"
},
"state": {
"column": "enabled"
}
},
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/subnetworkServiceNow",
"modUri": "tmod:@turbot/gcp-network"
}
}

Subsetting

{
"description": "Subsetting configuration for this BackendService. Currently this is applicable only for Internal TCP/UDP load balancing, Internal HTTP(S) load balancing and Traffic Director.",
"properties": {
"policy": {
"enum": [
"CONSISTENT_HASH_SUBSETTING",
"NONE"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/Subsetting",
"modUri": "tmod:@turbot/gcp-network"
}
}

TargetHttpsProxy

{
"description": "Represents a Target HTTPS Proxy resource. Google Compute Engine has two Target HTTPS Proxy resources: * [Global](/compute/docs/reference/rest/v1/targetHttpsProxies) * [Regional](/compute/docs/reference/rest/v1/regionTargetHttpsProxies) A target HTTPS proxy is a component of GCP HTTPS load balancers. * targetHttpProxies are used by global external Application Load Balancers, classic Application Load Balancers, cross-region internal Application Load Balancers, and Traffic Director. * regionTargetHttpProxies are used by regional internal Application Load Balancers and regional external Application Load Balancers. Forwarding rules reference a target HTTPS proxy, and the target proxy then references a URL map. For more information, read Using Target Proxies and Forwarding rule concepts.",
"properties": {
"authorizationPolicy": {
"description": "Optional. A URL referring to a networksecurity.AuthorizationPolicy resource that describes how the proxy should authorize inbound traffic. If left blank, access will not be restricted by an authorization policy. Refer to the AuthorizationPolicy resource for additional details. authorizationPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED. Note: This field currently has no impact.",
"type": "string"
},
"certificateMap": {
"description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
"type": "string"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"fingerprint": {
"description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field will be ignored when inserting a TargetHttpsProxy. An up-to-date fingerprint must be provided in order to patch the TargetHttpsProxy; otherwise, the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve the TargetHttpsProxy.",
"type": "string"
},
"httpKeepAliveTimeoutSec": {
"description": "Specifies how long to keep a connection open, after completing a response, while there is no matching traffic (in seconds). If an HTTP keep-alive is not specified, a default value (610 seconds) will be used. For global external Application Load Balancers, the minimum allowed value is 5 seconds and the maximum allowed value is 1200 seconds. For classic Application Load Balancers, this option is not supported.",
"type": "integer"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#targetHttpsProxy",
"description": "[Output Only] Type of resource. Always compute#targetHttpsProxy for target HTTPS proxies.",
"type": "string"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"proxyBind": {
"description": "This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. When this field is set to true, Envoy proxies set up inbound traffic interception and bind to the IP address and port specified in the forwarding rule. This is generally useful when using Traffic Director to configure Envoy as a gateway or middle proxy (in other words, not a sidecar proxy). The Envoy proxy listens for inbound requests and handles requests when it receives them. The default is false.",
"type": "boolean"
},
"quicOverride": {
"description": "Specifies the QUIC override policy for this TargetHttpsProxy resource. This setting determines whether the load balancer attempts to negotiate QUIC with clients. You can specify NONE, ENABLE, or DISABLE. - When quic-override is set to NONE, Google manages whether QUIC is used. - When quic-override is set to ENABLE, the load balancer uses QUIC when possible. - When quic-override is set to DISABLE, the load balancer doesn't use QUIC. - If the quic-override flag is not specified, NONE is implied. ",
"enum": [
"DISABLE",
"ENABLE",
"NONE"
],
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the regional TargetHttpsProxy resides. This field is not applicable to global TargetHttpsProxies.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"serverTlsPolicy": {
"description": "Optional. A URL referring to a networksecurity.ServerTlsPolicy resource that describes how the proxy should authenticate inbound traffic. serverTlsPolicy only applies to a global TargetHttpsProxy attached to globalForwardingRules with the loadBalancingScheme set to INTERNAL_SELF_MANAGED or EXTERNAL or EXTERNAL_MANAGED. For details which ServerTlsPolicy resources are accepted with INTERNAL_SELF_MANAGED and which with EXTERNAL, EXTERNAL_MANAGED loadBalancingScheme consult ServerTlsPolicy documentation. If left blank, communications are not encrypted.",
"type": "string"
},
"sslCertificates": {
"description": "URLs to SslCertificate resources that are used to authenticate connections between users and the load balancer. At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.",
"items": {
"type": "string"
},
"type": "array"
},
"sslPolicy": {
"description": "URL of SslPolicy resource that will be associated with the TargetHttpsProxy resource. If not set, the TargetHttpsProxy resource has no SSL policy configured.",
"type": "string"
},
"urlMap": {
"description": "A fully-qualified or valid partial URL to the UrlMap resource that defines the mapping from URL to the BackendService. For example, the following are all valid URLs for specifying a URL map: - https://www.googleapis.compute/v1/projects/project/global/urlMaps/ url-map - projects/project/global/urlMaps/url-map - global/urlMaps/url-map ",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/TargetHttpsProxy",
"modUri": "tmod:@turbot/gcp-network"
}
}

TargetPool

{
"description": "Represents a Target Pool resource. Target pools are used with external passthrough Network Load Balancers. A target pool references member instances, an associated legacy HttpHealthCheck resource, and, optionally, a backup target pool. For more information, read Using target pools.",
"properties": {
"backupPool": {
"description": "The server-defined URL for the resource. This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool, and its failoverRatio field is properly set to a value between [0, 1]. backupPool and failoverRatio together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below failoverRatio, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio and backupPool are not set, or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.",
"type": "string"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"failoverRatio": {
"description": "This field is applicable only when the containing target pool is serving a forwarding rule as the primary pool (i.e., not as a backup pool to some other target pool). The value of the field must be in [0, 1]. If set, backupPool must also be set. They together define the fallback behavior of the primary target pool: if the ratio of the healthy instances in the primary pool is at or below this number, traffic arriving at the load-balanced IP will be directed to the backup pool. In case where failoverRatio is not set or all the instances in the backup pool are unhealthy, the traffic will be directed back to the primary pool in the \"force\" mode, where traffic will be spread to the healthy instances with the best effort, or to all instances when no instance is healthy.",
"type": "number"
},
"healthChecks": {
"description": "The URL of the HttpHealthCheck resource. A member instance in this pool is considered healthy if and only if the health checks pass. Only legacy HttpHealthChecks are supported. Only one health check may be specified.",
"items": {
"type": "string"
},
"type": "array"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"instances": {
"description": "A list of resource URLs to the virtual machine instances serving this pool. They must live in zones contained in the same region as this pool.",
"items": {
"type": "string"
},
"type": "array"
},
"kind": {
"default": "compute#targetPool",
"description": "[Output Only] Type of the resource. Always compute#targetPool for target pools.",
"type": "string"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the target pool resides.",
"type": "string"
},
"securityPolicy": {
"description": "[Output Only] The resource URL for the security policy associated with this target pool.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"sessionAffinity": {
"description": "Session affinity option, must be one of the following values: NONE: Connections from the same client IP may go to any instance in the pool. CLIENT_IP: Connections from the same client IP will go to the same instance in the pool while that instance remains healthy. CLIENT_IP_PROTO: Connections from the same client IP with the same IP protocol will go to the same instance in the pool while that instance remains healthy.",
"enum": [
"CLIENT_IP",
"CLIENT_IP_NO_DESTINATION",
"CLIENT_IP_PORT_PROTO",
"CLIENT_IP_PROTO",
"GENERATED_COOKIE",
"HEADER_FIELD",
"HTTP_COOKIE",
"NONE"
],
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/TargetPool",
"modUri": "tmod:@turbot/gcp-network"
}
}

TargetSslProxy

{
"description": "Represents a Target SSL Proxy resource. A target SSL proxy is a component of a Proxy Network Load Balancer. The forwarding rule references the target SSL proxy, and the target proxy then references a backend service. For more information, read Proxy Network Load Balancer overview.",
"properties": {
"certificateMap": {
"description": "URL of a certificate map that identifies a certificate map associated with the given target proxy. This field can only be set for global target proxies. If set, sslCertificates will be ignored. Accepted format is //certificatemanager.googleapis.com/projects/{project }/locations/{location}/certificateMaps/{resourceName}.",
"type": "string"
},
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#targetSslProxy",
"description": "[Output Only] Type of the resource. Always compute#targetSslProxy for target SSL proxies.",
"type": "string"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"proxyHeader": {
"description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
"enum": [
"NONE",
"PROXY_V1"
],
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"service": {
"description": "URL to the BackendService resource.",
"type": "string"
},
"sslCertificates": {
"description": "URLs to SslCertificate resources that are used to authenticate connections to Backends. At least one SSL certificate must be specified. Currently, you may specify up to 15 SSL certificates. sslCertificates do not apply when the load balancing scheme is set to INTERNAL_SELF_MANAGED.",
"items": {
"type": "string"
},
"type": "array"
},
"sslPolicy": {
"description": "URL of SslPolicy resource that will be associated with the TargetSslProxy resource. If not set, the TargetSslProxy resource will not have any SSL policy configured.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/TargetSslProxy",
"modUri": "tmod:@turbot/gcp-network"
}
}

TargetTcpProxy

{
"description": "Represents a Target TCP Proxy resource. A target TCP proxy is a component of a Proxy Network Load Balancer. The forwarding rule references the target TCP proxy, and the target proxy then references a backend service. For more information, read Proxy Network Load Balancer overview.",
"properties": {
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#targetTcpProxy",
"description": "[Output Only] Type of the resource. Always compute#targetTcpProxy for target TCP proxies.",
"type": "string"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"proxyBind": {
"description": "This field only applies when the forwarding rule that references this target proxy has a loadBalancingScheme set to INTERNAL_SELF_MANAGED. When this field is set to true, Envoy proxies set up inbound traffic interception and bind to the IP address and port specified in the forwarding rule. This is generally useful when using Traffic Director to configure Envoy as a gateway or middle proxy (in other words, not a sidecar proxy). The Envoy proxy listens for inbound requests and handles requests when it receives them. The default is false.",
"type": "boolean"
},
"proxyHeader": {
"description": "Specifies the type of proxy header to append before sending data to the backend, either NONE or PROXY_V1. The default is NONE.",
"enum": [
"NONE",
"PROXY_V1"
],
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the regional TCP proxy resides. This field is not applicable to global TCP proxy.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"service": {
"description": "URL to the BackendService resource.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/TargetTcpProxy",
"modUri": "tmod:@turbot/gcp-network"
}
}

targetVpnGateway

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"status": {
"$ref": "#/definitions/targetVpnGatewayStatus"
},
"hasDependencies": {
"type": "boolean"
},
"forwardingRules": {
"$ref": "#/definitions/forwardingRules"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/targetVpnGatewayAka"
}
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"tests": [
{
"description": "all properties provided",
"input": {
"name": "testvpngateway",
"status": "READY",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "us-west1"
},
"createTimestamp": "2000-01-01T00:00:00.000Z"
}
}
}
},
{
"description": "invalid - name property is missing",
"input": {
"status": "READY"
},
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "us-west1"
},
"createTimestamp": "2000-01-01T00:00:00.000Z"
}
},
"expected": false
},
{
"description": "invalid - array type passed instead of string",
"input": {
"name": [
"testvpngateway"
],
"status": "READY",
"targetVpnGateway": "testvpngateway"
},
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "us-west1"
},
"createTimestamp": "2000-01-01T00:00:00.000Z"
}
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/targetVpnGateway",
"modUri": "tmod:@turbot/gcp-network"
}
}

TargetVpnGateway

{
"description": "Represents a Target VPN Gateway resource. The target VPN gateway resource represents a Classic Cloud VPN gateway. For more information, read the the Cloud VPN Overview.",
"properties": {
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"forwardingRules": {
"description": "[Output Only] A list of URLs to the ForwardingRule resources. ForwardingRules are created using compute.forwardingRules.insert and associated with a VPN gateway.",
"items": {
"type": "string"
},
"type": "array"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#targetVpnGateway",
"description": "[Output Only] Type of resource. Always compute#targetVpnGateway for target VPN gateways.",
"type": "string"
},
"labelFingerprint": {
"description": "A fingerprint for the labels being applied to this TargetVpnGateway, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a TargetVpnGateway.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
"type": "object"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"network": {
"description": "URL of the network to which this VPN gateway is attached. Provided by the client when the VPN gateway is created.",
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the target VPN gateway resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"status": {
"description": "[Output Only] The status of the VPN gateway, which can be one of the following: CREATING, READY, FAILED, or DELETING.",
"enum": [
"CREATING",
"DELETING",
"FAILED",
"READY"
],
"type": "string"
},
"tunnels": {
"description": "[Output Only] A list of URLs to VpnTunnel resources. VpnTunnels are created using the compute.vpntunnels.insert method and associated with a VPN gateway.",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/TargetVpnGateway",
"modUri": "tmod:@turbot/gcp-network"
}
}

targetVpnGatewayAka

{
"addressAka": null,
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/regions/(asia-east1|asia-east2|asia-northeast1|asia-south1|asia-southeast1|australia-southeast1|europe-north1|europe-west1|europe-west2|europe-west3|europe-west4|northamerica-northeast1|southamerica-east1|us-central1|us-east1|us-east4|us-west1|us-west2|global)/targetVpnGateways/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-west1/targetVpnGateways/test01"
},
{
"description": "invalid - invalid region name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/asiaus/targetVpnGateways/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/targetVpnGatewayAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

targetVpnGatewayStatus

{
"type": "string",
"enum": [
"CREATING",
"READY",
"FAILED",
"DELETING"
],
"tests": [
{
"input": "READY"
},
{
"input": "DELETING"
},
{
"description": "invalid - not listed in options",
"input": "RUNNABLE",
"expected": false
},
{
"description": "invalid - null value",
"input": null,
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/targetVpnGatewayStatus",
"modUri": "tmod:@turbot/gcp-network"
}
}

UrlMap

{
"description": "Represents a URL Map resource. Compute Engine has two URL Map resources: * [Global](/compute/docs/reference/rest/v1/urlMaps) * [Regional](/compute/docs/reference/rest/v1/regionUrlMaps) A URL map resource is a component of certain types of cloud load balancers and Traffic Director: * urlMaps are used by global external Application Load Balancers, classic Application Load Balancers, and cross-region internal Application Load Balancers. * regionUrlMaps are used by internal Application Load Balancers, regional external Application Load Balancers and regional internal Application Load Balancers. For a list of supported URL map features by the load balancer type, see the Load balancing features: Routing and traffic management table. For a list of supported URL map features for Traffic Director, see the Traffic Director features: Routing and traffic management table. This resource defines mappings from hostnames and URL paths to either a backend service or a backend bucket. To use the global urlMaps resource, the backend service must have a loadBalancingScheme of either EXTERNAL or INTERNAL_SELF_MANAGED. To use the regionUrlMaps resource, the backend service must have a loadBalancingScheme of INTERNAL_MANAGED. For more information, read URL Map Concepts.",
"properties": {
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"defaultRouteAction": {
"$ref": "#/definitions/HttpRouteAction",
"description": "defaultRouteAction takes effect when none of the hostRules match. The load balancer performs advanced routing actions, such as URL rewrites and header transformations, before forwarding the request to the selected backend. If defaultRouteAction specifies any weightedBackendServices, defaultService must not be set. Conversely if defaultService is set, defaultRouteAction cannot contain any weightedBackendServices. Only one of defaultRouteAction or defaultUrlRedirect must be set. URL maps for classic Application Load Balancers only support the urlRewrite action within defaultRouteAction. defaultRouteAction has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true."
},
"defaultService": {
"description": "The full or partial URL of the defaultService resource to which traffic is directed if none of the hostRules match. If defaultRouteAction is also specified, advanced routing actions, such as URL rewrites, take effect before sending the request to the backend. However, if defaultService is specified, defaultRouteAction cannot contain any weightedBackendServices. Conversely, if routeAction specifies any weightedBackendServices, service must not be specified. Only one of defaultService, defaultUrlRedirect , or defaultRouteAction.weightedBackendService must be set. defaultService has no effect when the URL map is bound to a target gRPC proxy that has the validateForProxyless field set to true.",
"type": "string"
},
"defaultUrlRedirect": {
"$ref": "#/definitions/HttpRedirectAction",
"description": "When none of the specified hostRules match, the request is redirected to a URL specified by defaultUrlRedirect. If defaultUrlRedirect is specified, defaultService or defaultRouteAction must not be set. Not supported when the URL map is bound to a target gRPC proxy."
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"fingerprint": {
"description": "Fingerprint of this resource. A hash of the contents stored in this object. This field is used in optimistic locking. This field is ignored when inserting a UrlMap. An up-to-date fingerprint must be provided in order to update the UrlMap, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a UrlMap.",
"type": "string"
},
"headerAction": {
"$ref": "#/definitions/HttpHeaderAction",
"description": "Specifies changes to request and response headers that need to take effect for the selected backendService. The headerAction specified here take effect after headerAction specified under pathMatcher. headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
},
"hostRules": {
"description": "The list of host rules to use against the URL.",
"items": {
"$ref": "#/definitions/HostRule"
},
"type": "array"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"kind": {
"default": "compute#urlMap",
"description": "[Output Only] Type of the resource. Always compute#urlMaps for url maps.",
"type": "string"
},
"name": {
"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.",
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"pathMatchers": {
"description": "The list of named PathMatchers to use against the URL.",
"items": {
"$ref": "#/definitions/PathMatcher"
},
"type": "array"
},
"region": {
"description": "[Output Only] URL of the region where the regional URL map resides. This field is not applicable to global URL maps. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"tests": {
"description": "The list of expected URL mapping tests. Request to update the UrlMap succeeds only if all test cases pass. You can specify a maximum of 100 tests per UrlMap. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true.",
"items": {
"$ref": "#/definitions/UrlMapTest"
},
"type": "array"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/UrlMap",
"modUri": "tmod:@turbot/gcp-network"
}
}

UrlMapTest

{
"description": "Message for the expected URL mappings.",
"properties": {
"description": {
"description": "Description of this test case.",
"type": "string"
},
"expectedOutputUrl": {
"description": "The expected output URL evaluated by the load balancer containing the scheme, host, path and query parameters. For rules that forward requests to backends, the test passes only when expectedOutputUrl matches the request forwarded by the load balancer to backends. For rules with urlRewrite, the test verifies that the forwarded request matches hostRewrite and pathPrefixRewrite in the urlRewrite action. When service is specified, expectedOutputUrl`s scheme is ignored. For rules with urlRedirect, the test passes only if expectedOutputUrl matches the URL in the load balancer's redirect response. If urlRedirect specifies https_redirect, the test passes only if the scheme in expectedOutputUrl is also set to HTTPS. If urlRedirect specifies strip_query, the test passes only if expectedOutputUrl does not contain any query parameters. expectedOutputUrl is optional when service is specified.",
"type": "string"
},
"expectedRedirectResponseCode": {
"description": "For rules with urlRedirect, the test passes only if expectedRedirectResponseCode matches the HTTP status code in load balancer's redirect response. expectedRedirectResponseCode cannot be set when service is set.",
"type": "integer"
},
"headers": {
"description": "HTTP headers for this request. If headers contains a host header, then host must also match the header value.",
"items": {
"$ref": "#/definitions/UrlMapTestHeader"
},
"type": "array"
},
"host": {
"description": "Host portion of the URL. If headers contains a host header, then host must also match the header value.",
"type": "string"
},
"path": {
"description": "Path portion of the URL.",
"type": "string"
},
"service": {
"description": "Expected BackendService or BackendBucket resource the given URL should be mapped to. The service field cannot be set if expectedRedirectResponseCode is set.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/UrlMapTest",
"modUri": "tmod:@turbot/gcp-network"
}
}

UrlMapTestHeader

{
"description": "HTTP headers used in UrlMapTests.",
"properties": {
"name": {
"description": "Header name.",
"type": "string"
},
"value": {
"description": "Header value.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/UrlMapTestHeader",
"modUri": "tmod:@turbot/gcp-network"
}
}

UrlRewrite

{
"description": "The spec for modifying the path before sending the request to the matched backend service.",
"properties": {
"hostRewrite": {
"description": "Before forwarding the request to the selected service, the request's host header is replaced with contents of hostRewrite. The value must be from 1 to 255 characters.",
"type": "string"
},
"pathPrefixRewrite": {
"description": "Before forwarding the request to the selected backend service, the matching portion of the request's path is replaced by pathPrefixRewrite. The value must be from 1 to 1024 characters.",
"type": "string"
},
"pathTemplateRewrite": {
"description": "If specified, the pattern rewrites the URL path (based on the :path header) using the HTTP template syntax. A corresponding path_template_match must be specified. Any template variables must exist in the path_template_match field. - At least one variable must be specified in the path_template_match field - You can omit variables from the rewritten URL - The * and ** operators cannot be matched unless they have a corresponding variable name - e.g. {format=*} or {var=**}. For example, a path_template_match of /static/{format=**} could be rewritten as /static/content/{format} to prefix /content to the URL. Variables can also be re-ordered in a rewrite, so that /{country}/{format}/{suffix=**} can be rewritten as /content/{format}/{country}/{suffix}. At least one non-empty routeRules[].matchRules[].path_template_match is required. Only one of path_prefix_rewrite or path_template_rewrite may be specified.",
"type": "string"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/UrlRewrite",
"modUri": "tmod:@turbot/gcp-network"
}
}

vpnTunnel

{
"type": "object",
"properties": {
"name": {
"$ref": "#/definitions/resourceName"
},
"status": {
"$ref": "#/definitions/status"
},
"labels": {
"$ref": "gcp#/definitions/labels"
},
"labelFingerprint": {
"$ref": "gcp#/definitions/fingerprint"
},
"hasDependencies": {
"type": "boolean"
},
"turbot": {
"type": "object",
"properties": {
"akas": {
"type": "array",
"items": {
"$ref": "#/definitions/vpnTunnelAka"
}
},
"tags": {
"$ref": "gcp#/definitions/labels"
},
"title": {
"$ref": "#/definitions/resourceName"
},
"custom": {
"type": "object",
"properties": {
"gcp": {
"$ref": "gcp#/definitions/gcpMetadata"
},
"createTimestamp": {
"$ref": "turbot#/definitions/isoTimestamp"
}
}
}
}
}
},
"required": [
"name",
"turbot"
],
"additionalProperties": true,
"tests": [
{
"description": "Valid - All properties",
"input": {
"name": "testmeplease",
"status": "NO_INCOMING_PACKETS",
"gcp": {
"projectId": "foo-bar"
},
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "southamerica-east1"
}
}
}
}
},
{
"description": "Invalid - Missing name",
"input": {
"status": "NO_INCOMING_PACKETS",
"turbot": {
"custom": {
"gcp": {
"projectId": "123-456",
"regionName": "southamerica-east1"
}
}
}
},
"expected": false
},
{
"description": "Invalid - Missing Guardrails data",
"input": {
"name": "test01",
"status": "NO_INCOMING_PACKETS"
},
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/vpnTunnel",
"modUri": "tmod:@turbot/gcp-network"
}
}

VpnTunnel

{
"description": "Represents a Cloud VPN Tunnel resource. For more information about VPN, read the Cloud VPN Overview.",
"properties": {
"creationTimestamp": {
"description": "[Output Only] Creation timestamp in RFC3339 text format.",
"type": "string"
},
"description": {
"description": "An optional description of this resource. Provide this property when you create the resource.",
"type": "string"
},
"detailedStatus": {
"description": "[Output Only] Detailed status message for the VPN tunnel.",
"type": "string"
},
"id": {
"description": "[Output Only] The unique identifier for the resource. This identifier is defined by the server.",
"type": "string"
},
"ikeVersion": {
"description": "IKE protocol version to use when establishing the VPN tunnel with the peer VPN gateway. Acceptable IKE versions are 1 or 2. The default version is 2.",
"type": "integer"
},
"kind": {
"default": "compute#vpnTunnel",
"description": "[Output Only] Type of resource. Always compute#vpnTunnel for VPN tunnels.",
"type": "string"
},
"labelFingerprint": {
"description": "A fingerprint for the labels being applied to this VpnTunnel, which is essentially a hash of the labels set used for optimistic locking. The fingerprint is initially generated by Compute Engine and changes after every request to modify or update labels. You must always provide an up-to-date fingerprint hash in order to update or change labels, otherwise the request will fail with error 412 conditionNotMet. To see the latest fingerprint, make a get() request to retrieve a VpnTunnel.",
"type": "string"
},
"labels": {
"additionalProperties": {
"type": "string"
},
"description": "Labels for this resource. These can only be added or modified by the setLabels method. Each label key/value pair must comply with RFC1035. Label values may be empty.",
"type": "object"
},
"localTrafficSelector": {
"description": "Local traffic selector to use when establishing the VPN tunnel with the peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges must be disjoint. Only IPv4 is supported.",
"items": {
"type": "string"
},
"type": "array"
},
"name": {
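"description": "Name of the resource. Provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression `[a-z]([-a-z0-9]*[a-z0-9])?` which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash. Note that the pattern keyword in this schema carries no ^ or $ anchors and JSON Schema patterns are not implicitly anchored, so a validator accepts any string that merely contains a match; the full-string rule stated here has to be enforced separately.",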
"pattern": "[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?",
"type": "string"
},
"peerExternalGateway": {
"description": "URL of the peer side external VPN gateway to which this VPN tunnel is connected. Provided by the client when the VPN tunnel is created. This field is exclusive with the field peerGcpGateway.",
"type": "string"
},
"peerExternalGatewayInterface": {
"description": "The interface ID of the external VPN gateway to which this VPN tunnel is connected. Provided by the client when the VPN tunnel is created. Possible values are: `0`, `1`, `2`, `3`. The number of IDs in use depends on the external VPN gateway redundancy type.",
"type": "integer"
},
"peerGcpGateway": {
"description": "URL of the peer side HA VPN gateway to which this VPN tunnel is connected. Provided by the client when the VPN tunnel is created. This field can be used when creating highly available VPN from VPC network to VPC network, the field is exclusive with the field peerExternalGateway. If provided, the VPN tunnel will automatically use the same vpnGatewayInterface ID in the peer Google Cloud VPN gateway.",
"type": "string"
},
"peerIp": {
"description": "IP address of the peer VPN gateway. Only IPv4 is supported.",
"type": "string"
},
"region": {
"description": "[Output Only] URL of the region where the VPN tunnel resides. You must specify this field as part of the HTTP request URL. It is not settable as a field in the request body.",
"type": "string"
},
"remoteTrafficSelector": {
"description": "Remote traffic selectors to use when establishing the VPN tunnel with the peer VPN gateway. The value should be a CIDR formatted string, for example: 192.168.0.0/16. The ranges should be disjoint. Only IPv4 is supported.",
"items": {
"type": "string"
},
"type": "array"
},
"router": {
"description": "URL of the router resource to be used for dynamic routing.",
"type": "string"
},
"selfLink": {
"description": "[Output Only] Server-defined URL for the resource.",
"type": "string"
},
"sharedSecret": {
"description": "Shared secret used to set the secure session between the Cloud VPN gateway and the peer VPN gateway.",
"type": "string"
},
"sharedSecretHash": {
"description": "Hash of the shared secret.",
"type": "string"
},
"status": {
"description": "[Output Only] The status of the VPN tunnel, which can be one of the following: - PROVISIONING: Resource is being allocated for the VPN tunnel. - WAITING_FOR_FULL_CONFIG: Waiting to receive all VPN-related configs from the user. Network, TargetVpnGateway, VpnTunnel, ForwardingRule, and Route resources are needed to set up the VPN tunnel. - FIRST_HANDSHAKE: Successful first handshake with the peer VPN. - ESTABLISHED: Secure session is successfully established with the peer VPN. - NETWORK_ERROR: Deprecated, replaced by NO_INCOMING_PACKETS - AUTHORIZATION_ERROR: Auth error (for example, bad shared secret). - NEGOTIATION_FAILURE: Handshake failed. - DEPROVISIONING: Resources are being deallocated for the VPN tunnel. - FAILED: Tunnel creation has failed and the tunnel is not ready to be used. - NO_INCOMING_PACKETS: No incoming packets from peer. - REJECTED: Tunnel configuration was rejected, can be result of being denied access. - ALLOCATING_RESOURCES: Cloud VPN is in the process of allocating all required resources. - STOPPED: Tunnel is stopped due to its Forwarding Rules being deleted for Classic VPN tunnels or the project is in frozen state. - PEER_IDENTITY_MISMATCH: Peer identity does not match peer IP, probably behind NAT. - TS_NARROWING_NOT_ALLOWED: Traffic selector narrowing not allowed for an HA-VPN tunnel.",
"enum": [
"ALLOCATING_RESOURCES",
"AUTHORIZATION_ERROR",
"DEPROVISIONING",
"ESTABLISHED",
"FAILED",
"FIRST_HANDSHAKE",
"NEGOTIATION_FAILURE",
"NETWORK_ERROR",
"NO_INCOMING_PACKETS",
"PROVISIONING",
"REJECTED",
"STOPPED",
"WAITING_FOR_FULL_CONFIG"
],
"type": "string"
},
"targetVpnGateway": {
"description": "URL of the Target VPN gateway with which this VPN tunnel is associated. Provided by the client when the VPN tunnel is created.",
"type": "string"
},
"vpnGateway": {
"description": "URL of the VPN gateway with which this VPN tunnel is associated. Provided by the client when the VPN tunnel is created. This must be used (instead of target_vpn_gateway) if a High Availability VPN gateway resource is created.",
"type": "string"
},
"vpnGatewayInterface": {
"description": "The interface ID of the VPN gateway with which this VPN tunnel is associated. Possible values are: `0`, `1`.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/VpnTunnel",
"modUri": "tmod:@turbot/gcp-network"
}
}

vpnTunnelAka

{
"type": "string",
"pattern": "^gcp://compute.googleapis.com/projects/[a-z0-9-]{5,29}[a-z0-9]{1}/regions/(asia-east1|asia-east2|asia-northeast1|asia-south1|asia-southeast1|australia-southeast1|europe-north1|europe-west1|europe-west2|europe-west3|europe-west4|northamerica-northeast1|southamerica-east1|us-central1|us-east1|us-east4|us-west1|us-west2|global)/vpnTunnels/[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?$",
"tests": [
{
"descritpion": "base case",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/us-central1/vpnTunnels/test01"
},
{
"description": "invalid - invalid region name",
"input": "gcp://compute.googleapis.com/projects/aar-a4b6d489/regions/asia-compass1/vpnTunnels/test01",
"expected": false
}
],
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/vpnTunnelAka",
"modUri": "tmod:@turbot/gcp-network"
}
}

WeightedBackendService

{
"description": "In contrast to a single BackendService in HttpRouteAction to which all matching traffic is directed, WeightedBackendService allows traffic to be split across multiple backend services. The volume of traffic for each backend service is proportional to the weight specified in each WeightedBackendService.",
"properties": {
"backendService": {
"description": "The full or partial URL to the default BackendService resource. Before forwarding the request to backendService, the load balancer applies any relevant headerActions specified as part of this backendServiceWeight.",
"type": "string"
},
"headerAction": {
"$ref": "#/definitions/HttpHeaderAction",
"description": "Specifies changes to request and response headers that need to take effect for the selected backendService. headerAction specified here takes effect before headerAction in the enclosing HttpRouteRule, PathMatcher and UrlMap. headerAction is not supported for load balancers that have their loadBalancingScheme set to EXTERNAL. Not supported when the URL map is bound to a target gRPC proxy that has validateForProxyless field set to true."
},
"weight": {
"description": "Specifies the fraction of traffic sent to a backend service, computed as weight / (sum of all weightedBackendService weights in routeAction). The selection of a backend service is determined only for new traffic. Once a user's request has been directed to a backend service, subsequent requests are sent to the same backend service as determined by the backend service's session affinity policy. The value must be from 0 to 1000.",
"type": "integer"
}
},
"type": "object",
".turbot": {
"uri": "tmod:@turbot/gcp-network#/definitions/WeightedBackendService",
"modUri": "tmod:@turbot/gcp-network"
}
}